Saturday, February 22, 2025

CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Linux kernel to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

Tracked as CVE-2024-1086 (CVSS score: 7.8), the high-severity issue relates to a use-after-free bug in the netfilter component that permits a local attacker to elevate privileges from a regular user to root and possibly execute arbitrary code.

“Linux kernel contains a use-after-free vulnerability in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation,” CISA said.

Netfilter is a framework provided by the Linux kernel that allows the implementation of various network-related operations in the form of custom handlers to facilitate packet filtering, network address translation, and port translation.

The vulnerability was addressed in January 2024. That said, the exact nature of the attacks exploiting the flaw is presently unknown.

Also added to the KEV catalog is a newly disclosed security flaw impacting Check Point network gateway security products (CVE-2024-24919, CVSS score: 7.5) that allows an attacker to read sensitive information on Internet-connected Gateways with remote access VPN or mobile access enabled.

In light of the active exploitation of CVE-2024-1086 and CVE-2024-24919, federal agencies are recommended to apply the latest fixes by June 20, 2024, to protect their networks against potential threats.
