I saw the recent CVE-2022-0492 that can enable container escape, and I have a decent understanding of cgroups and container capabilities, but I am not very familiar with how hybrid cgroup v1/v2 works, nor with how cgroups and capabilities work together. However, looking at the commit, the vulnerable code is only related to cgroups v1.
So my question is whether this is only exploitable when using cgroups v1 for containers, or whether the host is also vulnerable while it's using cgroups v1 but then uses cgroups v2 for container namespaces in hybrid mode? Does using cgroups v2 for both hosts and containers reduce attack surface?