The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced on Thursday that a security vulnerability affecting the Linux kernel has been added to the Known Exploited Vulnerabilities (KEV) catalog, with evidence of active exploitation.
Tracked as CVE-2024-1086 (CVSS score: 7.8), the high-severity flaw is a use-after-free bug in the netfilter component that allows a local attacker to escalate privileges and potentially execute arbitrary code.
CISA stated, “Linux kernel contains a use-after-free vulnerability in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation.”
Netfilter is a framework within the Linux kernel that enables various network-related operations for packet filtering and address translation.
The vulnerability was patched in January 2024, although the specific nature of the attacks exploiting the flaw remains unknown.
Additionally, a new security flaw affecting Check Point network gateway security products (CVE-2024-24919, CVSS score: 7.5) has been added to the KEV catalog; it allows attackers to access sensitive information on gateways that have remote access VPN or mobile access enabled.
In light of the active exploitation of CVE-2024-1086 and CVE-2024-24919, federal agencies are advised to apply the latest patches by June 20, 2024, to safeguard their networks against potential threats.