criticalCISA KEVCVE-2022-0492

Linux Kernel Improper Authentication Vulnerability

Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 release_agent feature.

ProductKernel
CVSS7.8
EPSS0.05528
UpdatedJuly 9, 2026

Quick answer

Linux Kernel should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.

Who is affected

Affected versions

  • -
  • 5.17
  • 9.0
  • 10.0
  • 11.0
  • 8.0
  • 8.2
  • 4.0
  • 8.1
  • 14.04
  • 16.04
  • 18.04
  • 20.04
  • 22.04
  • 35

Fixed versions

  • Apply the latest vendor-supported patched version.

How to fix it

Update the Linux kernel to a release that fixes the cgroups release_agent escape issue and reduce container privilege. Hosts running containers should be prioritized because vulnerable configurations can allow container-to-host privilege escalation.

  1. Inventory Linux hosts, Kubernetes nodes, container hosts, CI runners, and appliances running affected kernels.
  2. Install the vendor kernel update that fixes CVE-2022-0492 and reboot into the patched kernel.
  3. Disable unneeded cgroup v1 usage and prefer hardened cgroup v2 configurations where supported.
  4. Remove privileged containers, hostPath mounts, host PID/IPC/network access, and excessive Linux capabilities unless explicitly required.
  5. Apply Kubernetes Pod Security, admission controls, seccomp, AppArmor or SELinux profiles, and read-only root filesystems where possible.
  6. Review container workloads for access to cgroup release_agent paths or suspicious host escape behavior.
  7. Rotate host, cluster, registry, and cloud credentials if a vulnerable container host showed signs of compromise.

Scan now. Google sign-in is only needed to unlock fix guidance.

Verify the fix

  • Confirm uname and package inventory show the patched kernel after reboot.
  • Verify no production workload runs with unnecessary privileged container settings.
  • Run vulnerability scanning across nodes and CI runners to confirm CVE-2022-0492 is closed.
  • Review auditd, container runtime, and Kubernetes logs for suspicious cgroup or host mount access.
  • Run a Fixnx scan against public services hosted on remediated infrastructure.

Related categories

Trusted references

FAQ

What is affected by CVE-2022-0492?

Linux Kernel versions listed as affected should be reviewed: -, 5.17, 9.0, 10.0, 11.0, 8.0, 8.2, 4.0, 8.1, 14.04, 16.04, 18.04, 20.04, 22.04, 35.

What should I fix first?

Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.

How do I confirm the fix worked?

Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.

Why can this risk appear in multiple categories?

A vulnerability can belong to more than one platform or ecosystem. Fixnx keeps one canonical risk page while also listing it in every relevant category.