CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw

News

May 30, 2024NewsroomLinux / Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Linux kernel to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

Tracked as CVE-2024-1086 (CVSS score: 7.8), the high-severity issue relates to a use-after-free bug in the netfilter component that permits a local attacker to elevate privileges from a regular user to root and possibly execute arbitrary code.

“Linux kernel contains a use-after-free vulnerability in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation,” CISA said.

Netfilter is a framework provided by the Linux kernel that allows the implementation of various network-related operations in the form of custom handlers to facilitate packet filtering, network address translation, and port translation.

Cybersecurity

The vulnerability was addressed in January 2024. That said, the exact nature of the attacks exploiting the flaw is presently unknown.

Also added to the KEV catalog is a newly disclosed security flaw impacting Check Point network gateway security products (CVE-2024-24919, CVSS score: 7.5) that allows an attacker to read sensitive information on Internet-connected Gateways with remote access VPN or mobile access enabled.

In light of the active exploitation of CVE-2024-1086 and CVE-2024-24919, federal agencies are recommended to apply the latest fixes by June 20, 2024, to protect their networks against potential threats.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Products You May Like

Articles You May Like

Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials
THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 04 – Nov 10)
PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released
Bitfinex Hacker Jailed for Five Years Over Billion Dollar Crypto Heist
EU Ramps Up Cyber Resilience with Major Crisis Simulation Exercise

Leave a Reply

Your email address will not be published. Required fields are marked *