The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Linux kernel to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2024-1086 (CVSS score: 7.8), the high-severity issue relates to a use-after-free bug in the netfilter component that permits a local attacker to elevate privileges from a regular user to root and possibly execute arbitrary code.
“Linux kernel incorporates a use-after-free vulnerability in the netfilter: nf_tables component that enables an attacker to accomplish local privilege escalation,” CISA reported.
Netfilter is a framework provided by the Linux kernel that allows the implementation of various network-related operations in the form of custom handlers to facilitate packet filtering, network address translation, and port translation.
The vulnerability was resolved in January 2024. That said, the exact nature of the attacks exploiting the flaw is presently unknown.
Also added to the KEV catalog is a newly disclosed security flaw impacting Check Point network gateway security products (CVE-2024-24919, CVSS score: 7.5) that allows an attacker to read sensitive information on Internet-connected Gateways with remote access VPN or mobile access enabled.
In light of the active exploitation of CVE-2024-1086 and CVE-2024-24919, federal agencies are advised to apply the latest fixes by June 20, 2024, to defend their networks against potential threats.
Some parts of this article are sourced from:
thehackernews.com