Technical description
The Linux kernel contains an improper authentication vulnerability that allows privilege escalation via the cgroups v1 release_agent feature. An attacker with local access can abuse it to escape container boundaries or escalate to root. CISA added it to the Known Exploited Vulnerabilities (KEV) catalog on June 2, 2026, confirming active exploitation in the wild. The vulnerability is directly relevant to AI infrastructure: containerized LLM inference servers (vLLM, Ollama, LiteLLM, Ray), ML training clusters, and Kubernetes-orchestrated AI workloads running on older kernel versions are all at risk.
Attack vector
Local privilege escalation via manipulation of the cgroups v1 release_agent feature in the Linux kernel. Can be used to escape container isolation in AI serving infrastructure running on vulnerable kernel versions.
Affected systems
Linux Kernel (all distributions with cgroups v1 enabled, unpatched). AI serving infrastructure running on Linux containers or Kubernetes is particularly exposed — containerized vLLM, Ollama, LiteLLM, and Ray deployments on unpatched hosts.
Mitigation
Apply the vendor kernel patches for your Linux distribution. Federal agencies must remediate by June 5, 2026 per BOD 22-01. For cloud/AI infra teams: update kernel packages on all AI serving hosts; audit Kubernetes node kernel versions; consider disabling the cgroups v1 release_agent feature if it is not required. Verify that the container runtime versions in use are not themselves vulnerable.
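The audit steps above can be scripted per host. The following is an added example, not code from the advisory or any vendor: it reports the running kernel release, lists mounted cgroup v1 hierarchies, and shows any hierarchy whose release_agent is actually configured. The function names and the optional root-prefix argument are assumptions made for this sketch.

```shell
#!/bin/sh
# Added audit example (not from the advisory). Run on the host or Kubernetes node.
# File paths are parameters so the check also works on a constructed sample tree.

# Print the mount point of every cgroup v1 hierarchy in a mounts file.
# cgroup v1 mounts have filesystem type "cgroup"; v2 uses "cgroup2".
cgroup_v1_mounts() {
    awk '$3 == "cgroup" { print $2 }' "${1:-/proc/mounts}"
}

# Print "<mountpoint> <agent path>" for each v1 hierarchy whose root
# release_agent file is non-empty, i.e. the feature is actually in use.
# $1 = mounts file; $2 = root prefix (assumption: only used for offline samples)
configured_release_agents() {
    cgroup_v1_mounts "${1:-/proc/mounts}" | while read -r mp; do
        f="${2:-}$mp/release_agent"
        [ -r "$f" ] || continue
        agent=$(cat "$f")
        if [ -n "$agent" ]; then printf '%s %s\n' "$mp" "$agent"; fi
    done
}

# Summarise what the mitigation steps ask an operator to check.
audit_host() {
    echo "kernel release: $(uname -r) (compare with your vendor's fixed version)"
    echo "cgroup v1 hierarchies mounted: $(cgroup_v1_mounts | wc -l)"
    configured_release_agents | sed 's/^/release_agent configured: /'
}

if [ -r /proc/mounts ]; then audit_host; fi
```

A host that prints zero v1 hierarchies is running cgroups v2 only; any "release_agent configured" line identifies a hierarchy to review before disabling the feature.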