HomeVulnerabilityCISA Alerts Federal Businesses to Patch Actively Exploited Linux Kernel Flaw

CISA Alerts Federal Businesses to Patch Actively Exploited Linux Kernel Flaw

The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Thursday added a security flaw impacting the Linux kernel to the Identified Exploited Vulnerabilities (KEV) catalog, citing proof of lively exploitation.

Tracked as CVE-2024-1086 (CVSS rating: 7.8), the high-severity concern pertains to a use-after-free bug within the netfilter part that allows a neighborhood attacker to raise privileges from a daily consumer to root and probably execute arbitrary code.

“Linux kernel incorporates a use-after-free vulnerability within the netfilter: nf_tables part that permits an attacker to attain native privilege escalation,” CISA mentioned.

Netfilter is a framework supplied by the Linux kernel that permits the implementation of varied network-related operations within the type of customized handlers to facilitate packet filtering, community handle translation, and port translation.

Cybersecurity

The vulnerability was addressed in January 2024. That mentioned, the precise nature of the assaults exploiting the flaw is presently unknown.

Additionally added to the KEV catalog is a newly disclosed security flaw impacting Examine Level community gateway security merchandise (CVE-2024-24919, CVSS rating: 7.5) that permits an attacker to learn delicate info on Web-connected Gateways with distant entry VPN or cell entry enabled.

See also  Hackers use PoC exploits in assaults 22 minutes after launch

In mild of the lively exploitation of CVE-2024-1086 and CVE-2024-24919, federal businesses are advisable to use the newest fixes by June 20, 2024, to guard their networks in opposition to potential threats.

- Advertisment -spot_img
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular