CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw

May 30, 2024 | Newsroom | Linux / Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Linux kernel to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

Tracked as CVE-2024-1086 (CVSS score: 7.8), the high-severity issue pertains to a use-after-free bug in the netfilter component that permits a local attacker to elevate privileges from a regular user to root and possibly execute arbitrary code.

“Linux kernel contains a use-after-free vulnerability in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation,” CISA said.

Netfilter is a framework provided by the Linux kernel that enables the implementation of various network-related operations in the form of custom handlers to facilitate packet filtering, network address translation, and port translation.


The vulnerability was addressed in January 2024. That said, the exact nature of the attacks exploiting the flaw is presently unknown.

Also added to the KEV catalog is a newly disclosed security flaw impacting Check Point network gateway security products (CVE-2024-24919, CVSS score: 7.5) that allows an attacker to read sensitive information on Internet-connected Gateways with remote access VPN or mobile access enabled.

In light of the active exploitation of CVE-2024-1086 and CVE-2024-24919, federal agencies are recommended to apply the latest fixes by June 20, 2024, to protect their networks against potential threats.
