CISA Adds Linux Kernel Vulnerability to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has identified and added a critical vulnerability in the Linux kernel to its Known Exploited Vulnerabilities (KEV) catalog. This high-severity flaw, tracked as CVE-2024-1086, poses a significant risk to Linux systems and potentially allows attackers to escalate privileges on affected systems.

The vulnerability, first disclosed on January 31, 2024, involves a use-after-free issue in the netfilter: nf_tables component of the Linux kernel. This flaw, introduced by a commit in February 2014, arises from the ‘nft_verdict_init()’ function, which erroneously allows positive values to be used as a drop error within the hook verdict. As a result, the ‘nf_hook_slow()’ function may execute a double-free when NF_DROP is issued with a drop error resembling NF_ACCEPT.

Exploitation of CVE-2024-1086 enables attackers with local access to elevate privileges on the target system, potentially achieving root-level access. Although the issue was addressed through a commit in January 2024, the fix has been backported to multiple stable kernel versions to ensure widespread protection.

However, in late March 2024, security researcher ‘Notselwyn’ published a detailed write-up and proof-of-concept (PoC) exploit on GitHub, demonstrating how threat actors could exploit the flaw on Linux kernel versions between 5.14 and 6.6. While most Linux distributions promptly released fixes, Red Hat delayed its fix until March, potentially leaving systems vulnerable to exploitation.

CISA has urged federal agencies to apply available patches by June 20, 2024, to mitigate the risk posed by CVE-2024-1086. In cases where immediate updating is not feasible, administrators are advised to implement specific mitigations, such as blocklisting ‘nf_tables’ if not actively used and restricting access to user namespaces.
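One way to check whether the two interim mitigations named above are in place on a host, as an added example that is not from CISA or the original article. It assumes blocklisting is done through modprobe.d and that user namespaces are restricted through the `user.max_user_namespaces` sysctl or the Debian/Ubuntu `kernel.unprivileged_userns_clone` sysctl; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a host for the two interim mitigations.
# Paths are parameters so the checks can run against a mounted image
# or a constructed test tree instead of the live system.

# Return 0 if a modprobe.d file stops nf_tables from being loaded.
nft_blocklisted() {
    dir="${1:-/etc/modprobe.d}"
    # "blacklist" only makes modprobe ignore the module's aliases (autoload);
    # an "install" override to /bin/false or /bin/true blocks explicit loads too.
    grep -Eqs '^[[:space:]]*(blacklist[[:space:]]+nf_tables|install[[:space:]]+nf_tables[[:space:]]+/bin/(false|true))[[:space:]]*$' "$dir"/*.conf
}

# Return 0 if nf_tables is loaded as a module right now.
# A kernel with nf_tables built in never lists it here and cannot be blocklisted.
nft_loaded() {
    grep -qs '^nf_tables ' "${1:-/proc/modules}"
}

# Return 0 if either sysctl disables unprivileged user namespaces.
userns_restricted() {
    sys="${1:-/proc/sys}"
    for knob in user/max_user_namespaces kernel/unprivileged_userns_clone; do
        if [ -r "$sys/$knob" ] && [ "$(cat "$sys/$knob")" = "0" ]; then
            return 0
        fi
    done
    return 1
}

# Print one line per mitigation; return 0 only if both are in place.
# Arguments (all optional): modprobe.d dir, modules file, sysctl root.
audit() {
    rc=0
    if nft_blocklisted "${1:-}" && ! nft_loaded "${2:-}"; then
        echo "nf_tables: blocklisted and not loaded"
    else
        echo "nf_tables: loadable or already loaded"; rc=1
    fi
    if userns_restricted "${3:-}"; then
        echo "user namespaces: disabled for unprivileged users"
    else
        echo "user namespaces: available to unprivileged users"; rc=1
    fi
    return $rc
}

if [ "${1:-}" = "--audit" ]; then audit; fi
```

A blocklist entry does not unload a module that is already resident, which is why the audit also checks the loaded-module list.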

In addition to the Linux kernel vulnerability, CISA also added CVE-2024-24919, an information disclosure flaw affecting VPN devices from Check Point, to the KEV catalog. This vulnerability, deemed worse than initially reported, underscores the importance of timely security updates and thorough vulnerability assessments to safeguard critical infrastructure and networks.
