U.S. CISA Adds Android and Linux Kernel Flaws to Its Known Exploited Vulnerabilities Catalog

Security Affairs, Jun 3, 2026

Key Takeaways

  • CISA adds Linux kernel CVE‑2022‑0492 to KEV catalog
  • CVE‑2025‑48595 Android overflow exploited in limited targeted attacks
  • Federal agencies must patch both flaws by June 5, 2026
  • Linux cgroups flaw enables container escape to host
  • Android 14‑16 devices at risk of privilege escalation

Pulse Analysis

CISA’s Known Exploited Vulnerabilities (KEV) catalog serves as a frontline alert system for threats that have already seen real‑world attacks. By publishing newly confirmed exploits, the agency helps organizations prioritize remediation, especially when the vulnerabilities affect core infrastructure components like the Linux kernel and the Android operating system. The recent inclusion of CVE‑2022‑0492 and CVE‑2025‑48595 underscores the catalog’s role in bridging intelligence from security researchers to actionable guidance for federal and private entities.

The Linux kernel flaw targets the cgroups v1 release_agent mechanism, a feature that isolates resource usage for groups of processes. A flaw in its authentication logic enables a local attacker to break out of a container and gain root privileges on the host, a scenario that jeopardizes multi‑tenant cloud environments and on‑premises virtualization. Exploiting this bug requires only container‑level access, making it a high‑impact vector for ransomware groups and nation‑state actors seeking to pivot from compromised workloads to broader network control. Mitigation hinges on applying kernel patches released by major distributions and, where possible, migrating to cgroups v2, which addresses the underlying design weakness.
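
As an added example (not from the original article or from CISA), this Python script inventories cgroup v1 hierarchies from a mount table, so hosts or containers that still expose a writable v1 `release_agent` can be prioritized for kernel patching or cgroups v2 migration. The sample mount table is constructed and the function names are hypothetical.

```python
"""Audit a Linux mount table for cgroup v1 hierarchies (added example)."""
from pathlib import Path

# Constructed sample in /proc/self/mounts format: a hybrid host with two
# cgroup v1 hierarchies and one cgroup v2 mount.
SAMPLE_MOUNTS = """\
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
cgroup2 /sys/fs/cgroup/unified cgroup2 rw,nosuid,nodev,noexec,relatime 0 0
cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd 0 0
cgroup /sys/fs/cgroup/memory cgroup ro,nosuid,nodev,noexec,relatime,memory 0 0
"""


def audit_mounts(mounts_text):
    """Return the cgroup mode and details of every cgroup v1 hierarchy."""
    v1, has_v2 = [], False
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        _, mountpoint, fstype, opts = fields[:4]
        if fstype == "cgroup2":
            has_v2 = True
        elif fstype == "cgroup":  # fstype "cgroup" means a v1 hierarchy
            options = opts.split(",")
            agent = next((o.split("=", 1)[1] for o in options
                          if o.startswith("release_agent=")), None)
            v1.append({
                "mountpoint": mountpoint,
                "writable": "rw" in options,
                "release_agent_option": agent,
                # File to review on a live system, at the hierarchy root.
                "release_agent_file": mountpoint + "/release_agent",
            })
    mode = "hybrid" if v1 and has_v2 else "v1" if v1 else "v2" if has_v2 else "none"
    return {"mode": mode, "v1_hierarchies": v1}


def main():
    # Use the live mount table when present, else the constructed sample.
    live = Path("/proc/self/mounts")
    text = live.read_text() if live.exists() else SAMPLE_MOUNTS
    report = audit_mounts(text)
    print("cgroup mode:", report["mode"])
    for h in report["v1_hierarchies"]:
        state = "writable" if h["writable"] else "read-only"
        print(f"  v1 {h['mountpoint']} ({state}), review {h['release_agent_file']}")


if __name__ == "__main__":
    main()
```

A result of `v2` means no v1 hierarchy is mounted in the inspected mount namespace; the kernel version still has to be checked against the distribution's advisory.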

On the mobile front, CVE‑2025‑48595 is an integer overflow in the Android framework that can be triggered to execute arbitrary code without user interaction. Google’s security bulletin confirms limited, targeted exploitation, suggesting threat actors are already weaponizing the bug against high‑value targets. The vulnerability spans Android 14 through 16, covering millions of devices in enterprise BYOD programs and government deployments. Rapid patch distribution, combined with enforced compliance under CISA’s Binding Operational Directive 22‑01, is essential. Organizations should audit device inventories, enforce timely updates, and consider mobile threat defense solutions to detect anomalous behavior stemming from this exploit.
