May 31, 2024 at 07:36AM
CISA warns of active exploitation of Linux kernel vulnerability CVE-2024-1086, enabling local attackers to elevate privileges. Affected versions range from 5.14 to 6.6, potentially impacting all versions since 3.15. Various distributions are confirmed affected, with potential for more. Proof-of-concept code has been published, and successful exploitation may lead to arbitrary code execution. CISA advises prompt patching or mitigation.
Key meeting takeaways:
– CISA issued a warning about threat actors actively exploiting a vulnerability in the Linux kernel, known as CVE-2024-1086, that allows local attackers to elevate their privileges.
– The bug affects Linux kernel versions between 5.14 and 6.6, with potential impact on all kernel iterations from version 3.15.
– Patches for the vulnerability were released in February 2024, with confirmed impacts on various Linux distributions including AlmaLinux, Debian, Gentoo, Red Hat, SUSE, and Ubuntu, while other distributions may also be vulnerable.
– The bug hunter, Notselwyn, who discovered the CVE-2024-1086, published a proof-of-concept (PoC) code with a high success rate and warned of the vulnerability being trivial to exploit.
– Successful exploitation of the vulnerability can lead to a crash or arbitrary code execution in the kernel, and potentially allows for the targeting of a universal root shell.
– CISA added CVE-2024-1086 to its Known Exploited Vulnerabilities (KEV) catalog and highlighted the urgent need for organizations, particularly federal agencies, to apply the available patches or mitigations by June 20, per BOD 22-01. CISA also recommended all organizations to prioritize timely remediation to reduce exposure to cyberattacks.