The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Thursday added a security flaw impacting the Linux kernel to the Identified Exploited Vulnerabilities (KEV) catalog, citing proof of lively exploitation.
Tracked as CVE-2024-1086 (CVSS rating: 7.8), the high-severity concern pertains to a use-after-free bug within the netfilter part that allows a neighborhood attacker to raise privileges from a daily consumer to root and probably execute arbitrary code.
“Linux kernel incorporates a use-after-free vulnerability within the netfilter: nf_tables part that permits an attacker to attain native privilege escalation,” CISA mentioned.
Netfilter is a framework supplied by the Linux kernel that permits the implementation of varied network-related operations within the type of customized handlers to facilitate packet filtering, community handle translation, and port translation.
The vulnerability was addressed in January 2024. That mentioned, the precise nature of the assaults exploiting the flaw is presently unknown.
Additionally added to the KEV catalog is a newly disclosed security flaw impacting Examine Level community gateway security merchandise (CVE-2024-24919, CVSS rating: 7.5) that permits an attacker to learn delicate info on Web-connected Gateways with distant entry VPN or cell entry enabled.
In mild of the lively exploitation of CVE-2024-1086 and CVE-2024-24919, federal businesses are advisable to use the newest fixes by June 20, 2024, to guard their networks in opposition to potential threats.