Exploitation Summary
CVE-2022-0492 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 2, 2026.
EIP tracks 10 public exploits from researchers including PaloAltoNetworks, chenaotian, SofianeHamlaoui, including a Metasploit module exploits/linux/local/docker_cgroup_escape.
AI-analyzed exploit summary This repository contains a scanner to test for container escape vulnerabilities via CVE-2022-0492, which involves exploiting cgroup release_agent mechanisms. It checks for CAP_SYS_ADMIN capabilities and user namespace abuses.
Description
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
Exploits (10)
This repository contains a scanner to test for container escape vulnerabilities via CVE-2022-0492, which involves exploiting cgroup release_agent mechanisms. It checks for CAP_SYS_ADMIN capabilities and user namespace abuses.
This repository contains a working exploit PoC for CVE-2022-0492, a container escape vulnerability in the Linux kernel's cgroup subsystem. The exploit leverages the lack of permission checks on the release_agent file to escape from a container to the host system.
This repository contains a checker script to determine if a container environment is vulnerable to CVE-2022-0492, a privilege escalation vulnerability in the Linux kernel's cgroups v1 release_agent feature. The script tests for two escape methods: via CAP_SYS_ADMIN and via user namespaces.
This repository contains a functional PoC for CVE-2022-0492, a Linux kernel vulnerability in cgroup v1's release_agent feature, allowing container escape via privilege escalation. The script checks for exploitability and executes arbitrary commands on the host system.
This repository contains a functional Go-based exploit for CVE-2022-0492, a container escape vulnerability in the Linux kernel's cgroups v1 implementation. The exploit leverages the rdma cgroup subsystem to execute arbitrary commands on the host system by manipulating the release_agent mechanism.
This PoC exploits CVE-2022-0492, a container escape vulnerability in Docker's cgroup v1 implementation. It leverages CAP_SYS_ADMIN or unshare to mount a cgroup with rdma subsystem, enabling arbitrary command execution on the host via release_agent.
This repository is a Bash script template with colorized output formatting and utility functions, but it does not contain any actual exploit code for CVE-2022-0492. The README and scripts only demonstrate a shell script framework.
This repository contains documentation files related to the Linux kernel, specifically focusing on ABI stability, admin guides, and hardware-specific documentation. It does not include any exploit code or proof-of-concept for CVE-2022-0492.
This repository contains a scanner script to check if a container environment is vulnerable to CVE-2022-0492, a privilege escalation vulnerability in the Linux kernel's cgroups v1 release_agent feature. It tests for exploitable conditions via CAP_SYS_ADMIN or user namespaces.
This Metasploit module exploits CVE-2022-0492, a Linux kernel vulnerability in cgroups v1, allowing container escape from Docker with SYS_ADMIN or privileged access. It abuses the release_agent feature to execute arbitrary code as root on the host.
References (11)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H