CISA warned users of a serious vulnerability in Linux under active attack. Although the vulnerability has already been patched, it remains vulnerable to random systems, allowing attackers to exploit the flaw.

Linux vulnerability found under active attack despite patch

As per latest Advisory From CISA, a new Linux vulnerability is under active attack, threatening users worldwide. CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, which verifies active exploitation and vulnerability severity.

has been identified as CVE-2024-1086The risk is error free after one use netfilter: nf_tables Exploiting this component allows an adversary with local access to gain elevated privileges (such as root access) on the target Linux system. As described in the NVD vulnerability description,

Use-free vulnerability in the Linux kernel netfilter: nf_tables The component can be used to gain local privilege escalation. gave nft_verdict_init() The function allows positive values ​​as drop errors. hook decision, and therefore nf_hook_slow() A function can cause a double-free hazard when NF_DROP The drop is issued with an error that resembles NF_ACCEPT.

The Linux developers identified this vulnerability as a January 2024 commitment (commit f342de4e2f33e0e39165d8639387aa6c19dff660

While the CISA advisory doesn’t elaborate much on the exploit, it does explain it with the researcher alias “notselwyn”. Detailed post. The researcher also presented a POC exploit (combined on GitHub), demonstrating an increase in local privilege.

Although the vulnerability was quickly patched, the vulnerability became acute due to inefficient systems. As shed light By Jonathan Wright The developers of Red Hat Enterprise Linux (RHEL) did not push a fix in time, marking the vulnerability with a moderate severity level, which left many people out. Vulnerable Linux systems.

Understandably, unpatched systems are always profitable for threat actors, often resulting in widespread exploitation waves. Although the CVE-2024-1086 exploit was minimally visible, it still led to serious active attacks.

Deploy patch by June 20th.

Given the seriousness of the issue, CISA added the vulnerability to its KEV Catalog, instructing organizations to patch their systems by June 20, 2024. nf_tablesrestrict access to user namespaces, and load the Linux Kernel Runtime Guard (LKRG) module.

Along with this vulnerability, CISA added the recently highlighted Checkpoint VPN vulnerability, CVE-2024-24919, to its KEV catalog.

Let us know your thoughts in the comments.

Source link