CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw

Cyber Security

Products You May Like

May 30, 2024NewsroomLinux / Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Linux kernel to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

Tracked as CVE-2024-1086 (CVSS score: 7.8), the high-severity issue relates to a use-after-free bug in the netfilter component that permits a local attacker to elevate privileges from a regular user to root and possibly execute arbitrary code.

“Linux kernel contains a use-after-free vulnerability in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation,” CISA said.

Netfilter is a framework provided by the Linux kernel that allows the implementation of various network-related operations in the form of custom handlers to facilitate packet filtering, network address translation, and port translation.

Cybersecurity

The vulnerability was addressed in January 2024. That said, the exact nature of the attacks exploiting the flaw is presently unknown.

Also added to the KEV catalog is a newly disclosed security flaw impacting Check Point network gateway security products (CVE-2024-24919, CVSS score: 7.5) that allows an attacker to read sensitive information on Internet-connected Gateways with remote access VPN or mobile access enabled.

In light of the active exploitation of CVE-2024-1086 and CVE-2024-24919, federal agencies are recommended to apply the latest fixes by June 20, 2024, to protect their networks against potential threats.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Products You May Like

Articles You May Like

WhatsApp Rolls Out Context Card for New Group Members to Improve Safety
Streamlined Security Solutions: PAM for Small to Medium-sized Businesses
Meta lifts Trump’s Facebook and Instagram restrictions ahead of election
Google reportedly in advanced talks to acquire cyber startup Wiz for $23 billion, its largest-ever deal
Indian Video Games Industry Seeks Distinction From Real Money Games, Sends Policy Suggestions to Centre

Leave a Reply

Your email address will not be published. Required fields are marked *