The Cybersecurity and Infrastructure Security Agency has observed ransomware groups deploying attacks that exploit the high-severity Linux kernel bug tracked as CVE-2024-1086, more than a year after the flaw was included in its Known Exploited Vulnerabilities catalog, reports Security Affairs.

CISA did not provide more details regarding the use-after-free flaw in the Linux kernel's netfilter: nf_tables component, which could be leveraged for local privilege escalation. Major Linux distributions, including Red Hat, Ubuntu, Debian, and Fedora, were impacted by the vulnerability, which was discovered by researcher Notselwyn.

"When you try to reproduce the bug yourselves, the kernel may panic, even when all mitigations are disabled. This is because certain fields of the skb such as pointers get corrupted when the skb is freed. As such, we should try to avoid usage of these fields. Fortunately, I found a way to bypass all usage which could lead to a panic or usual errors and get a highly reliable double-free primitive," said Notselwyn.
Ransomware, Vulnerability Management
Ransomware intrusions with old Linux kernel bug reemerge




