- CVE-2024-1086, a Linux kernel flaw, is now being exploited in active ransomware campaigns
- The bug allows local escalation of privilege and affects major distributions like Ubuntu and Red Hat
- CISA recommends patching or mitigation, warning of significant risk to federal and enterprise systems
 
The US government is warning that a Linux flaw introduced more than a decade ago – and patched more than a year ago – is being actively used in ransomware attacks.
The vulnerability was introduced into the Linux kernel by a commit in February 2014. It was first disclosed in late January 2024 and described as a “use-after-free weakness of the netfilter kernel component: nf_tables.” It was patched later that month and labeled CVE-2024-1086. It has a severity score of 7.8/10 (high) and can be exploited to obtain local privilege escalation.
A few months after the patch was released, security researchers released proof-of-concept (PoC) exploit code, demonstrating how to achieve local privilege escalation and reporting that the bug affects most major Linux distributions, including Debian, Ubuntu, Fedora, and Red Hat.
KEV Updates
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), a government agency responsible for protecting the nation’s critical infrastructure from physical and cyber threats, added the bug to its Catalog of Known Exploited Vulnerabilities (KEV) in May 2024 and gave Federal Civilian Executive Branch (FCEB) agencies until June 20, 2024 to patch or completely stop using the vulnerable software.
When CISA adds a bug to KEV, it means that it has found compelling evidence that the bug is actively used in the wild.
CISA has now updated its KEV entry for the bug to say it is known to be used in ransomware campaigns. Unfortunately, it has not yet clarified which threat actor was using it, or who its targets were.
In any case, if you haven’t already, make sure to patch your Linux distributions. If you cannot patch yet, the known mitigations are to block the ‘nf_tables’ module, restrict access to user namespaces, or load the Linux Kernel Runtime Guard (LKRG) module. While mitigations can work, they can also destabilize the system, so patching remains the best advice.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said. “Apply mitigation measures according to the supplier’s instructions or stop using the product if mitigation measures are not available.”
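To see which of the three mitigations named above are active on a host, a check along these lines can be used. It is an added example, not code from CISA or the article; the modprobe.d patterns, the two sysctl paths and the LKRG module names are assumptions about a typical distribution layout, and it does not test whether the kernel itself is patched.

```shell
#!/bin/sh
# Added example: report which of the article's three mitigations are active.
# Each check takes an optional ROOT prefix so it can run against a constructed
# directory tree; with no argument it reads the live system.

# True when nf_tables is absent from the loaded-module list.
# (A kernel with nf_tables built in would not appear here either.)
nft_not_loaded() {
    ! grep -q '^nf_tables ' "${1:-}/proc/modules" 2>/dev/null
}

# True when modprobe configuration carries a blacklist or install override
# for nf_tables (assumed layout: /etc/modprobe.d/*.conf).
nft_blocked() {
    grep -Eqs '^[[:space:]]*(blacklist[[:space:]]+nf_tables|install[[:space:]]+nf_tables[[:space:]]+/bin/(false|true))' \
        "${1:-}"/etc/modprobe.d/*.conf
}

# True when user namespace creation is restricted: unprivileged_userns_clone=0
# (Debian/Ubuntu kernels only) or max_user_namespaces=0 (off for everyone).
userns_restricted() {
    clone="${1:-}/proc/sys/kernel/unprivileged_userns_clone"
    max="${1:-}/proc/sys/user/max_user_namespaces"
    if [ -r "$clone" ] && [ "$(cat "$clone")" = "0" ]; then return 0; fi
    if [ -r "$max" ] && [ "$(cat "$max")" = "0" ]; then return 0; fi
    return 1
}

# True when LKRG is loaded (module is named lkrg, p_lkrg in older releases).
lkrg_loaded() {
    grep -Eq '^(p_)?lkrg ' "${1:-}/proc/modules" 2>/dev/null
}

# Print one line per mitigation; return 0 if at least one is in place.
audit() {
    root="${1:-}"; rc=1
    if nft_blocked "$root" && nft_not_loaded "$root"; then
        echo "nf_tables: blocked and not loaded"; rc=0
    else
        echo "nf_tables: loaded or loadable"
    fi
    if userns_restricted "$root"; then
        echo "user namespaces: restricted"; rc=0
    else
        echo "user namespaces: open to unprivileged users"
    fi
    if lkrg_loaded "$root"; then echo "LKRG: loaded"; rc=0
    else echo "LKRG: not loaded"; fi
    return "$rc"
}
```

Source the file and call `audit` with no argument to read the live system. Blocking nf_tables also disables any firewall ruleset that depends on it, which is one way these mitigations can destabilize a system.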
Via BeepComputer




