CISA adds Android and Linux kernel flaws to exploited vulnerabilities catalog

Security Affairs reports that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities affecting the Linux kernel and Android to its catalog of Known Exploited Vulnerabilities (KEV). This inclusion mandates federal agencies to address these flaws by a specific deadline to mitigate risks.

The vulnerabilities added are CVE-2022-0492, a Linux kernel improper authentication flaw with a CVSS score of 7.0, and CVE-2025-48595, an Android framework integer overflow vulnerability with a CVSS score of 8.4. The Linux kernel flaw allows local attackers to escape containers and execute arbitrary commands on the host by exploiting a privilege escalation issue in cgroups. The Android vulnerability, affecting versions 14 through 16, can lead to code execution and privilege escalation, and Google has indicated it is under limited, targeted exploitation.

CISA's Binding Operational Directive 22-01 requires federal agencies to remediate these vulnerabilities by June 5, 2026, to protect their networks. Private organizations are also advised to review the KEV catalog and address these issues.
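The operational step behind this story is checking the KEV catalog against what you run and working out which entries are due. The script below is an added example, not code from the article or from CISA: it parses a feed in the shape of CISA's published KEV JSON (the field names `cveID`, `vendorProject`, `product`, `dueDate` and so on are the real feed's), filters entries that are overdue or due within a window, and matches them against a simple vendor/product inventory. The sample feed is constructed inline; the June 5, 2026 due date comes from the article, the `dateAdded` values and the third record are placeholders.

```python
import json
from datetime import date

# Constructed sample feed in the layout of CISA's KEV JSON export. Only the
# field names and the 2026-06-05 due date are taken from real sources; the
# dateAdded values, descriptions and the CVE-0000-0001 record are placeholders.
SAMPLE_KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed sample)",
  "catalogVersion": "sample",
  "dateReleased": "2026-05-15T00:00:00.0000Z",
  "count": 3,
  "vulnerabilities": [
    {
      "cveID": "CVE-2022-0492",
      "vendorProject": "Linux",
      "product": "Kernel",
      "vulnerabilityName": "Linux Kernel Improper Authentication Vulnerability",
      "dateAdded": "2026-05-15",
      "shortDescription": "Placeholder description.",
      "requiredAction": "Apply mitigations per vendor instructions.",
      "dueDate": "2026-06-05",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": ""
    },
    {
      "cveID": "CVE-2025-48595",
      "vendorProject": "Android",
      "product": "Framework",
      "vulnerabilityName": "Android Framework Integer Overflow Vulnerability",
      "dateAdded": "2026-05-15",
      "shortDescription": "Placeholder description.",
      "requiredAction": "Apply mitigations per vendor instructions.",
      "dueDate": "2026-06-05",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": ""
    },
    {
      "cveID": "CVE-0000-0001",
      "vendorProject": "ExampleVendor",
      "product": "ExampleProduct",
      "vulnerabilityName": "Placeholder entry (not a real CVE)",
      "dateAdded": "2026-04-10",
      "shortDescription": "Placeholder description.",
      "requiredAction": "Apply mitigations per vendor instructions.",
      "dueDate": "2026-05-01",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": ""
    }
  ]
}
"""


def load_kev(feed_text: str) -> list[dict]:
    """Parse KEV JSON text and return the list of vulnerability records."""
    feed = json.loads(feed_text)
    return feed["vulnerabilities"]


def due_within(vulns: list[dict], today: date, days: int) -> list[dict]:
    """Return entries already overdue or due within `days` of `today`.

    Each result carries daysLeft (negative means the BOD 22-01 due date has
    passed). Sorted so the most urgent entries come first.
    """
    results = []
    for v in vulns:
        due = date.fromisoformat(v["dueDate"])
        left = (due - today).days
        if left <= days:
            results.append({
                "cveID": v["cveID"],
                "product": f'{v["vendorProject"]} {v["product"]}',
                "dueDate": v["dueDate"],
                "daysLeft": left,
            })
    return sorted(results, key=lambda r: r["daysLeft"])


def matching_inventory(vulns: list[dict], inventory: dict[str, list[str]]) -> list[str]:
    """Return cveIDs whose vendorProject/product pair appears in `inventory`.

    `inventory` maps a vendorProject name to the products in use; comparison is
    case-insensitive so minor naming differences in the feed do not hide a hit.
    """
    wanted = {(vendor.lower(), p.lower()) for vendor, prods in inventory.items() for p in prods}
    return [v["cveID"] for v in vulns
            if (v["vendorProject"].lower(), v["product"].lower()) in wanted]


if __name__ == "__main__":
    vulns = load_kev(SAMPLE_KEV_JSON)
    today = date(2026, 5, 20)  # fixed date so the run is reproducible
    for entry in due_within(vulns, today, days=30):
        status = "OVERDUE" if entry["daysLeft"] < 0 else f'{entry["daysLeft"]}d left'
        print(f'{entry["cveID"]:16} {entry["product"]:24} due {entry["dueDate"]} ({status})')
    hits = matching_inventory(vulns, {"Linux": ["Kernel"], "Android": ["Framework"]})
    print("KEV entries matching inventory:", hits)
```

To use this against the live catalog, replace `SAMPLE_KEV_JSON` with the text of the JSON export CISA publishes and pass `date.today()`; the due-date window and inventory matching are the two checks that turn a KEV addition into a ticket with a deadline.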

Source: Security Affairs
