CISA warns of active attacks exploiting Android, Linux bugs

Published:

3 juni 2026 om 15:36:16

Alert date:

3 juni 2026 om 16:00:35

Source:

bleepingcomputer.com

Operating Systems, Mobile & IoT, Zero-Day Vulnerabilities

CISA warns that hackers are actively exploiting vulnerabilities in the Linux kernel and Android operating system. The agency has issued alerts about ongoing attacks targeting these critical system components. These vulnerabilities pose significant risks as they affect widely deployed operating systems. Organizations using Android and Linux systems are advised to apply security patches immediately. The active exploitation indicates these vulnerabilities are being weaponized in real-world attacks.

Technical details

CVE-2025-48595 is a high-severity integer overflow vulnerability in the Android Framework that enables privilege escalation and requires no user interaction to exploit. CVE-2022-0492 is a privilege escalation flaw in the Linux kernel's 'cgroup_release_agent_write()' function of the cgroups v1 subsystem, which allows local attackers to bypass namespace isolation, escalate privileges, and potentially escape from containers to gain root-level access due to insufficient authentication checks.

Mitigation steps:

Apply vendor-provided security updates and mitigations or stop using the impacted software. For Android, update to June 2026 security patches (2026-06-01 and 2026-06-05 security patch levels). For Linux, update to patched kernel versions: 4.9.301+, 4.14.266+, 4.19.229+, 5.4.177+, 5.10.97+, 5.15.20+, 5.16.6+, 5.17-rc3+. Federal agencies must comply by June 5 deadline as per BOD 22-01 directive.

Affected products:

Android 14
Android 15
Android 16
Linux kernel 2.6 through 4.20
Linux kernel 5.5 through 5.17