High-Severity Linux Flaw Added to CISA’s KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Linux kernel vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation by malicious actors. The flaw, tracked as CVE-2024-1086, is a use-after-free vulnerability in the Linux kernel's netfilter component. It allows a local attacker with basic user access to escalate to root, giving complete control over the compromised system.
The vulnerability impacts a wide range of Linux distributions, and security patches have been issued by major vendors including Debian, Ubuntu, Red Hat, SUSE, and Fedora. Due to the confirmed in-the-wild exploitation, CISA has issued a directive mandating that Federal Civilian Executive Branch (FCEB) agencies apply the necessary patches. The deadline for this mandatory action is set for June 20, 2024.
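The article names the patch as the remedy but gives no way to tell which hosts are still worth worrying about while packages roll out. The following script is an added example, not code from the article or from any vendor: it reads the two host attributes that determine whether the affected netfilter code is reachable by an ordinary user (whether the nf_tables module is loaded, and whether unprivileged user namespaces, which the public exploit path relies on, are enabled) and reports an exposure verdict. The reliance on unprivileged user namespaces and the nf_tables module are facts about the vulnerability that the article does not state; the parsing helpers, function names and sample inputs are this example's own, and fixed package versions are deliberately not encoded because they differ per distribution and belong in the vendor advisory.

```python
"""Host exposure check for CVE-2024-1086 (use-after-free in netfilter's
nf_tables subsystem).  Added example; not the article's or any vendor's code.

Assumptions not stated in the article: the publicly analysed exploit path
reaches nf_tables through an unprivileged user namespace, so an unpatched
host is materially less exposed when that module cannot be loaded or when
unprivileged user namespaces are switched off.  Whether the kernel package
itself is patched must still be checked against the distribution advisory.
"""
import os
import re


def parse_modules(proc_modules_text):
    """Return the set of loaded module names from /proc/modules-style text.
    Caveat: a kernel built with CONFIG_NF_TABLES=y (built in, not a module)
    will not list nf_tables here; check modules.builtin on such systems."""
    return {line.split()[0] for line in proc_modules_text.splitlines() if line.strip()}


def parse_sysctl(sysctl_text):
    """Parse 'key = value' lines (the format of `sysctl -a`) into a dict."""
    settings = {}
    for line in sysctl_text.splitlines():
        m = re.match(r"\s*([\w.\-]+)\s*=\s*(.*?)\s*$", line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def unprivileged_userns_enabled(sysctl):
    """True when an unprivileged process may create a user namespace.
    Debian/Ubuntu kernels expose kernel.unprivileged_userns_clone; on other
    distributions fall back to user.max_user_namespaces, where 0 disables
    user namespaces entirely.  Missing keys are treated as 'enabled'."""
    if "kernel.unprivileged_userns_clone" in sysctl:
        return sysctl["kernel.unprivileged_userns_clone"] != "0"
    return sysctl.get("user.max_user_namespaces", "1") != "0"


def assess_exposure(modules, sysctl):
    """Combine the two observations into a verdict for an UNPATCHED host."""
    nft_loaded = "nf_tables" in modules
    userns = unprivileged_userns_enabled(sysctl)
    findings = []
    if nft_loaded:
        findings.append("nf_tables module is loaded")
    if userns:
        findings.append("unprivileged user namespaces are enabled")
    return {
        "nf_tables_loaded": nft_loaded,
        "unprivileged_userns": userns,
        # Both preconditions present: patch now, or apply a mitigation
        # (blocklist nf_tables or disable unprivileged user namespaces).
        "exposed_if_unpatched": nft_loaded and userns,
        "findings": findings,
    }


def assess_live_host():
    """Read the real /proc views on a Linux host and assess them."""
    with open("/proc/modules") as f:
        modules = parse_modules(f.read())
    sysctl = {}
    for key in ("kernel.unprivileged_userns_clone", "user.max_user_namespaces"):
        path = "/proc/sys/" + key.replace(".", "/")
        if os.path.exists(path):
            with open(path) as f:
                sysctl[key] = f.read().strip()
    return assess_exposure(modules, sysctl)


# Constructed sample inputs (not captured from a real machine).
SAMPLE_MODULES = (
    "nf_tables 372736 2 nft_compat,nft_counter, Live 0xffffffffc0a00000\n"
    "nfnetlink 20480 2 nft_compat,nf_tables, Live 0xffffffffc09f0000\n"
    "xfs 1802240 1 - Live 0xffffffffc0800000\n"
)
SAMPLE_MODULES_NO_NFT = "xfs 1802240 1 - Live 0xffffffffc0800000\n"
SAMPLE_SYSCTL_DEFAULT = "kernel.unprivileged_userns_clone = 1\nuser.max_user_namespaces = 63262\n"
SAMPLE_SYSCTL_HARDENED = "kernel.unprivileged_userns_clone = 0\nuser.max_user_namespaces = 63262\n"
SAMPLE_SYSCTL_NS_DISABLED = "user.max_user_namespaces = 0\n"

if __name__ == "__main__":
    result = assess_live_host()
    for finding in result["findings"]:
        print("finding:", finding)
    print("exposed if unpatched:", result["exposed_if_unpatched"])
```

Run it as root or any user on a Linux host; the verdict is only meaningful for hosts whose kernel package predates the vendor fix, and a "not exposed" result is a reason to schedule the patch rather than skip it, since both mitigations are reversible by a single sysctl or module load.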
Ransomware Gangs Leverage Flaw for Privilege Escalation
Security researchers have confirmed that ransomware gangs are actively exploiting CVE-2024-1086 as part of their post-compromise activity. After gaining initial access to a network, attackers use the vulnerability to gain root privileges on Linux systems. This elevated access lets them move laterally across the network, disable security measures, and ultimately deploy their ransomware payloads to encrypt files and disrupt operations. The exploitation highlights the importance of timely patching for all organizations, not just federal agencies, to defend against these ongoing threats.