Known Linux Kernel Bug Being Actively Exploited

By

Privilege escalation bug has been modified, says NIST.

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a Linux kernel vulnerability to the Known Exploited Vulnerabilities (KEV) catalog, reports Steven J. Vaughan-Nichols.

CVE-2024-1086, a “use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component, can be exploited to achieve local privilege escalation,” according to NIST.

In other words, “a local attacker could escalate privileges from a regular user to root in no time flat. Adding insult to injury, this vulnerability was present in pretty much all the major Linux distributions, including Debian, Fedora, Red Hat, and Ubuntu,” Vaughan-Nichols explains.

Although a fix has been in place since January 2024, “this vulnerability has been modified and is currently undergoing reanalysis,” NIST says. An updated vulnerability summary is due soon.

Read more at Open Source Watch.
 
 
 

 
 
 

06/06/2024
comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs



Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”>
	</a>

<hr>		    
			</div>
		    		</div>

		<div class=