Skip to main content
A Singapore Government Agency Website How to identify
Official website links end with .gov.sg
Government agencies communicate via .gov.sg websites (e.g. go.gov.sg/open). Trusted websites
Secure websites use HTTPS
Look for a lock () or https:// as an added precaution. Share sensitive information only on official, secure websites.

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

High-Severity Vulnerability in Linux Kernel

5 June 2026

Attackers are exploiting a 2022 vulnerability in the Linux kernel to escalate privileges and escape containerised environments to compromise underlying hosts. Patch immediately.

Background

A security update was released in 2022 to address a high-severity vulnerability (CVE-2022-0492) affecting the control groups feature in the Linux kernel. This vulnerability has a Common Vulnerability Scoring System (CVSS v3.1) score of 7.8 out of 10. Attackers are actively exploiting unpatched systems.

Impact

Successful exploitation of this improper authentication vulnerability could allow a local attacker to bypass namespace isolation, escalate privileges, and escape from a containerised environment to the underlying host system.

Known Exploitation

This vulnerability is being actively exploited in the wild.

Affected Products

This vulnerability affects Linux kernel cgroups with cgroups v1 enabled running unpatched kernel versions.

Recommendations

Users and administrators of affected products are advised to apply the latest security updates provided by their Linux distribution vendor. 

References

https://nvd.nist.gov/vuln/detail/cve-2022-0492 

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-0492

https://www.securityweek.com/organizations-warned-of-exploited-linux-kernel-vulnerability/

Back to top