Android Framework Vulnerability Under Attack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity integer overflow vulnerability in the Android Framework to its Known Exploited Vulnerabilities (KEV) catalog. The flaw affects Android versions 14 through 16 and allows an attacker to escalate privileges without any user interaction. Google has acknowledged that the vulnerability may be under limited, targeted exploitation and has addressed it in the June 2026 security patches (patch levels 2026-06-01 and 2026-06-05).
Linux Kernel Privilege Escalation Bug
CISA also flagged a separate vulnerability in the Linux kernel that affects a wide range of kernel versions, from 2.6 through 4.20 and from 5.5 through 5.17. The issue resides in the cgroup release agent (release_agent) function of the cgroups v1 subsystem. Insufficient authentication checks allow a local attacker to bypass namespace isolation, escalate privileges, and potentially escape from a container to gain root-level access on the host. The flaw poses a significant risk to containerized environments that use cgroups v1, especially where containers run with elevated capabilities. The Linux kernel releases that address the issue include 4.9.301+, 4.14.266+, 4.19.229+, 5.4.177+, 5.10.97+, 5.15.20+, 5.16.6+, and 5.17-rc3+.
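As an added example (not code from the BleepingComputer article or from CISA), the following Python helper classifies a kernel version string against the fixed releases listed above and checks a /proc/mounts listing for a legacy cgroup v1 hierarchy, which is the exposure condition the advisory describes. The function names and the sample mounts text are constructed here; distribution kernels that backport the fix without changing their version string will still be reported as "vulnerable" by version alone, so treat that result as a prompt to check the vendor changelog.

```python
import re

# First fixed release on each stable branch, taken from the advisory text above.
# 5.17 is handled separately: 5.17-rc3 and anything later carries the fix.
FIXED_BRANCHES = {
    (4, 9): 301, (4, 14): 266, (4, 19): 229, (5, 4): 177,
    (5, 10): 97, (5, 15): 20, (5, 16): 6,
}

def parse_kernel(version):
    """Split 'major.minor[.patch][-rcN][-vendor]' into (major, minor, patch, rc)."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised kernel version: {version!r}")
    major, minor, patch, rc = m.groups()
    return int(major), int(minor), int(patch or 0), (int(rc) if rc else None)

def kernel_status(version):
    """Classify an upstream kernel version against the fixed releases above.
    Caveat: vendors backport fixes without bumping the version, so 'vulnerable'
    means 'verify against the distribution changelog', not proof of exposure."""
    major, minor, patch, rc = parse_kernel(version)
    if (major, minor) < (2, 6) or (major, minor) > (5, 17):
        return "not-affected"
    if (major, minor) == (5, 17):
        return "patched" if rc is None or rc >= 3 else "vulnerable"
    fix = FIXED_BRANCHES.get((major, minor))
    if fix is None:
        return "no-listed-fix"  # in the affected range, but no upstream fix is listed
    return "patched" if patch >= fix else "vulnerable"

def cgroup_v1_mounted(proc_mounts_text):
    """True if any cgroup v1 hierarchy (fstype 'cgroup', not 'cgroup2') is mounted."""
    for line in proc_mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[2] == "cgroup":
            return True
    return False

# Constructed sample of /proc/mounts, not captured from a real host: a hybrid
# setup with the unified v2 hierarchy plus one legacy v1 controller.
SAMPLE_MOUNTS = (
    "cgroup2 /sys/fs/cgroup cgroup2 rw,nosuid,nodev,noexec,relatime 0 0\n"
    "cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,relatime,memory 0 0\n"
)
```

On a live host, pass `platform.release()` to `kernel_status` and the contents of `/proc/mounts` to `cgroup_v1_mounted`; a "vulnerable" kernel with cgroup v1 mounted is the combination to prioritize.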
Impact and Compliance Directive
By including these two flaws in its KEV catalog, CISA mandates that all federal agencies bound by the Binding Operational Directive (BOD) 22-01 must apply the provided security updates or stop using the affected software. The deadline for compliance is June 5. Beyond federal agencies, the KEV catalog serves as a warning for critical infrastructure operators and large organizations, urging them to prioritize mitigation. Neither vulnerability has been flagged as exploited by ransomware groups, a specific designation CISA uses to denote additional urgency.
Source: BleepingComputer

