Particle.news
Download on the App Store
3 ARTICLES
·
2w ago

CISA Orders Federal Patch of Linux Cgroups Flaw and Android Zero‑Day

The directive requires remediation by June 5 to stop attacks that can escape containers and elevate device or host privileges.

Overview

  • On June 3 CISA added CVE-2022-0492 and CVE-2025-48595 to its Known Exploited Vulnerabilities catalog and set a June 5 remediation deadline for federal civilian agencies.
  • CVE-2022-0492 is a Linux kernel bug in the cgroups v1 release_agent feature that lets a local user arrange execution of a script as root on the host, enabling container escape and host privilege escalation.
  • Security vendors reported active, in-the-wild exploitation of the cgroups flaw this week even though technical details were published years earlier, and researchers Yiqi Sun and Kevin Wang are credited with discovering the bug.
  • CVE-2025-48595 is an Android Framework integer overflow affecting Android 14–16 that Google patched in this month’s updates and said shows indications of limited, targeted exploitation.
  • CISA’s order requires agencies to apply vendor updates or mitigations quickly and experts urge private cloud, container and device operators to identify vulnerable hosts, patch kernels and firmware, and monitor for signs of container escape or tampering.