
CISA warns of active attacks exploiting Android, Linux bugs

Why This Matters

CISA's warning highlights active exploits targeting critical vulnerabilities in Android and Linux systems, emphasizing the ongoing risks posed by unpatched software. These vulnerabilities, if exploited, can lead to privilege escalation, system compromise, and potential data breaches, underscoring the importance of timely updates for both consumers and organizations in maintaining cybersecurity defenses.

Key Takeaways

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting vulnerabilities in the Linux kernel and Android operating system.

The most recent flaw the agency added to its Known Exploited Vulnerabilities (KEV) catalog, CVE-2025-48595, is a high-severity integer overflow vulnerability in the Android Framework, which can be leveraged for increased privileges.

According to Google’s recent security bulletin, the security issue impacts Android 14 through 16, and requires no user interaction to exploit.

Google indicated that CVE-2025-48595 may be under limited targeted exploitation in the wild, but provided no specific details about the activity or technical information about the flaw or the incidents.

The issue has been addressed with the release of June 2026 security patches (2026-06-01 and 2026-06-05 security patch levels).

The second vulnerability CISA added to KEV is tracked as CVE-2022-0492, a high-severity privilege escalation flaw that impacts multiple Linux kernel branches, from 2.6 through 4.20, and from 5.5 through 5.17.

The flaw lies in the ‘cgroup_release_agent_write()’ function of the cgroups v1 subsystem, which, due to insufficient authentication checks, can be abused by a local attacker to bypass namespace isolation, escalate privileges, and potentially escape from a container to gain root-level access on the host system.

According to past reports from Aqua Security and Palo Alto Networks, the issue primarily impacts containerized environments using cgroups v1, and is especially dangerous when containers are granted elevated capabilities.
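A host triage sketch for the exposure conditions described above, added here as an illustration and not taken from CISA, Google, or the cited vendors. It assumes CAP_SYS_ADMIN as a representative elevated capability (the article does not name one), uses the branch ranges exactly as the article states them, and runs on constructed sample inputs; a kernel inside those ranges still has to be compared against the distribution's fixed version.

```python
import re

CAP_SYS_ADMIN = 21  # bit index defined in linux/capability.h
# Affected branch ranges as stated in the article (major.minor, inclusive).
AFFECTED_BRANCHES = [((2, 6), (4, 20)), ((5, 5), (5, 17))]

# Constructed sample inputs, not captured from a real host.
SAMPLE_MOUNTS = """\
cgroup2 /sys/fs/cgroup/unified cgroup2 rw,nosuid,nodev,noexec,relatime 0 0
cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,relatime,memory 0 0
cgroup /sys/fs/cgroup/rdma cgroup rw,nosuid,nodev,noexec,relatime,rdma 0 0
"""
SAMPLE_STATUS_DEFAULT = "Name:\tsh\nCapEff:\t00000000a80425fb\n"
SAMPLE_STATUS_PRIVILEGED = "Name:\tsh\nCapEff:\t0000003fffffffff\n"

def cgroup_v1_mounts(mounts_text):
    """Return (mountpoint, options) for each cgroup v1 hierarchy in /proc/mounts text."""
    found = []
    for line in mounts_text.splitlines():
        fields = line.split()
        # Field order: device mountpoint fstype options dump pass
        if len(fields) >= 4 and fields[2] == "cgroup":  # cgroup v2 reports "cgroup2"
            found.append((fields[1], fields[3]))
    return found

def has_cap_sys_admin(status_text):
    """True if the CapEff mask in /proc/<pid>/status text has CAP_SYS_ADMIN set."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)$", status_text, re.MULTILINE)
    return bool(m) and bool((int(m.group(1), 16) >> CAP_SYS_ADMIN) & 1)

def branch_in_range(release):
    """True if a `uname -r` style string falls in a branch range the article lists."""
    m = re.match(r"(\d+)\.(\d+)", release)
    if not m:
        return False
    branch = (int(m.group(1)), int(m.group(2)))
    return any(lo <= branch <= hi for lo, hi in AFFECTED_BRANCHES)

def triage(mounts_text, status_text, release):
    """Combine the three signals; 'review' means check the vendor's fixed version."""
    v1 = cgroup_v1_mounts(mounts_text)
    in_range = branch_in_range(release)
    return {"cgroup_v1_mounts": v1,
            "cap_sys_admin": has_cap_sys_admin(status_text),
            "branch_in_range": in_range,
            "review": bool(v1) and in_range}

if __name__ == "__main__":
    print(triage(SAMPLE_MOUNTS, SAMPLE_STATUS_PRIVILEGED, "5.10.0-8-amd64"))
```

On a live system the inputs would come from /proc/mounts, /proc/<pid>/status of the container's init process, and `uname -r`.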

The Linux kernel versions that address the issue are:

4.9.301+
