The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Linux kernel to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2024-1086 (CVSS score: 7.8), the high-severity issue relates to a use-after-free bug in the netfilter component that permits a local attacker to elevate privileges from a regular user to root and possibly execute arbitrary code.
Netfilter is a framework provided by the Linux kernel that allows the implementation of various network-related operations in the form of custom handlers to facilitate packet filtering, network address translation, and port translation.
Also added to the KEV catalog is a newly disclosed security flaw impacting Check Point network gateway security products (CVE-2024-24919, CVSS score: 7.5) that allows an attacker to read sensitive information on Internet-connected Gateways with remote access VPN or mobile access enabled.
In light of the active exploitation of CVE-2024-1086 and CVE-2024-24919, federal agencies are recommended to apply the latest fixes by June 20, 2024, to protect their networks against potential threats.
Source: https://thehackernews.com/