The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Thursday added a security flaw impacting the Linux kernel to the Identified Exploited Vulnerabilities (KEV) catalog, citing proof of energetic exploitation.
Tracked as CVE-2024-1086 (CVSS rating: 7.8), the high-severity problem pertains to a use-after-free bug within the netfilter element that allows a neighborhood attacker to raise privileges from an everyday person to root and probably execute arbitrary code.
“Linux kernel comprises a use-after-free vulnerability within the netfilter: nf_tables element that permits an attacker to attain native privilege escalation,” CISA mentioned.
Netfilter is a framework offered by the Linux kernel that permits the implementation of varied network-related operations within the type of customized handlers to facilitate packet filtering, community deal with translation, and port translation.
The vulnerability was addressed in January 2024. That mentioned, the precise nature of the assaults exploiting the flaw is presently unknown.
Additionally added to the KEV catalog is a newly disclosed security flaw impacting Verify Level community gateway security merchandise (CVE-2024-24919, CVSS rating: 7.5) that permits an attacker to learn delicate data on Web-connected Gateways with distant entry VPN or cellular entry enabled.
In mild of the energetic exploitation of CVE-2024-1086 and CVE-2024-24919, federal companies are really helpful to use the newest fixes by June 20, 2024, to guard their networks towards potential threats.
