CISA adds Linux kernel flaw to KEV list

The Cybersecurity and Infrastructure Security Agency has updated its Known Exploited Vulnerabilities catalog to include a use-after-free security issue impacting Linux kernel versions from 5.14 to 6.6, tracked as CVE-2024-1086, which could be leveraged to enable arbitrary code execution and privilege escalation, SecurityWeek reports.

While CISA has not reported any active exploitation of the vulnerability in ransomware attacks, federal agencies have been urged to address the bug — which affects Red Hat, AlmaLinux, SUSE, Ubuntu, Gentoo, and other Linux distributions — by June 20.

Such an advisory comes months after the emergence of proof-of-concept exploit code developed by Notselwyn that had a 99.4% success rate.

"The exploit is data-only and performs a kernel-space mirroring attack (KSMA) from userland with the novel Dirty Pagedirectory technique (pagetable confusion), where it is able to link any physical address (and its permissions) to virtual memory addresses by performing just read/writes to userland addresses," said Notselwyn.