
- CVE-2024-1086, a Linux kernel flaw, is now exploited in active ransomware campaigns
- The bug enables local privilege escalation and affects major distros like Ubuntu and Red Hat
- CISA urges patching or mitigation, warning of significant risk to federal and enterprise systems
 
The US government is warning that a Linux flaw introduced more than a decade ago – and fixed more than a year ago – is being actively used in ransomware attacks.
In February 2014, a vulnerability was introduced into the Linux kernel via a commit. The bug was first disclosed in late January 2024, and described as a “use-after-free weakness in the netfilter: nf_tables kernel component”. It was fixed later that month and assigned the identifier CVE-2024-1086. It carries a severity score of 7.8/10 (high) and can be exploited to achieve local privilege escalation.
A few months after the patch was released, security researchers published proof-of-concept (PoC) exploit code, demonstrating how to achieve local privilege escalation, and reporting that the bug affects most major Linux distros, including Debian, Ubuntu, Fedora, and Red Hat.
The US Cybersecurity and Infrastructure Security Agency (CISA), a government agency responsible for protecting the nation’s critical infrastructure from physical and cyber threats, added the bug to its Known Exploited Vulnerabilities (KEV) catalog in May 2024 and gave Federal Civilian Executive Branch (FCEB) agencies until June 20, 2024, to patch or stop using the vulnerable software entirely.
When CISA adds a bug to KEV, it means that it found compelling evidence that the bug is being actively used in the wild.
Now, CISA has updated its KEV entry for the bug, saying that it is now known to be used in ransomware campaigns. Unfortunately, it has not so far said which threat actor is using it or who its targets are.
In any case, if you haven’t already, make sure to patch your Linux distros. Failing that, the known mitigations are to block the ‘nf_tables’ module, restrict access to user namespaces, or load the Linux Kernel Runtime Guard (LKRG) module. While these mitigations might work, they might also destabilize the system, so patching remains the best advice.
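As an added example, not code from the article, CISA or any vendor, here is a small POSIX shell audit helper that reports whether the three interim mitigations named above are in place on a host. The /proc paths, the /etc/modprobe.d location and the sysctl names it checks are assumptions about typical distros, not details from the page.

```shell
#!/bin/sh
# Added audit helper (not from the article): reports which of the three interim
# mitigations for CVE-2024-1086 are present. Paths and sysctl names below are
# assumptions about typical distros.

# 0 if the nf_tables module is loaded (reads /proc/modules unless a path is given)
nf_tables_loaded() {
    grep -q '^nf_tables ' "${1:-/proc/modules}" 2>/dev/null
}

# 0 if a modprobe.d drop-in blacklists nf_tables or maps its install to /bin/false
nf_tables_blocked() {
    grep -rqsE '^(blacklist[[:space:]]+nf_tables|install[[:space:]]+nf_tables[[:space:]]+/bin/false)' \
        "${1:-/etc/modprobe.d}"
}

# 0 if unprivileged user namespaces are restricted. Arguments are the values of
# user.max_user_namespaces, kernel.unprivileged_userns_clone (Debian/Ubuntu) and
# kernel.apparmor_restrict_unprivileged_userns (Ubuntu); pass "" when absent.
userns_restricted() {
    [ "$1" = "0" ] && return 0
    [ "$2" = "0" ] && return 0
    [ "$3" = "1" ] && return 0
    return 1
}

# 0 if the Linux Kernel Runtime Guard module is loaded
lkrg_loaded() {
    grep -q '^lkrg ' "${1:-/proc/modules}" 2>/dev/null
}

# Read a sysctl straight from /proc/sys; prints nothing if the key is absent
sysctl_value() { cat "/proc/sys/$1" 2>/dev/null; }

report() {
    if nf_tables_blocked; then echo "nf_tables: blocked via modprobe.d"
    elif nf_tables_loaded; then echo "nf_tables: LOADED and not blocked"
    else echo "nf_tables: not loaded (but not blocked either)"; fi
    if userns_restricted "$(sysctl_value user/max_user_namespaces)" \
                         "$(sysctl_value kernel/unprivileged_userns_clone)" \
                         "$(sysctl_value kernel/apparmor_restrict_unprivileged_userns)"
    then echo "user namespaces: unprivileged creation restricted"
    else echo "user namespaces: unprivileged creation allowed (or unknown)"; fi
    if lkrg_loaded; then echo "LKRG: loaded"; else echo "LKRG: not loaded"; fi
}

report
```

Each check is a function that accepts an alternative path or value, so the logic can be exercised against constructed inputs without touching the running kernel.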
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said. “Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.”
Via BleepingComputer

