CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw

2024-05-30 17:45

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Linux kernel to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2024-1086 (CVSS score: 7.8), the high-severity issue relates to a use-after-free bug in the netfilter component that permits a local attacker to elevate privileges

News URL

https://thehackernews.com/2024/05/cisa-alerts-federal-agencies-to-patch.html

#cisa #kernel #linux #patch #CVE-2024-1086

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-31	CVE-2024-1086	Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660. local low complexity linux fedoraproject redhat debian netapp CWE-416	7.8

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Linux		11	64	2312	1489	67	3932
Kernel		3	0	8	4	1	13

News URL

Related news

Related Vulnerability

Related vendor