– May 31, 2024 5:38 pm UTC
The US Cybersecurity and Infrastructure Security Agency has added a critical security bug in Linux to its list of vulnerabilities known to be actively exploited in the wild.
The vulnerability, tracked as CVE-2024-1086 and carrying a severity rating of 7.8 out of a possible 10, allows individuals who have already secured access to an affected system to escalate their system privileges. This flaw stems from a use-after-free error, a type of vulnerability that occurs in software programs written in the C and C++ programming languages, where a running process continues to utilize a memory position after it has been freed or deallocated. Such vulnerabilities can lead to remote code execution or privilege escalation.</ Sensor faults could destabilize devices, induce erratic behavior, or allow unauthorized access.
The issue influences Linux kernel versions 5.14 through 6.6 and is found in the NF_tables, a kernel component that supports the Netfilter, which facilitates various network tasks including packet filtering, network address and port translation (NAPT), packet logging, user space packet queuing, and other forms of packet manipulation. It was patched in January, but as the CISA advisory notes, some operational systems have not yet applied the patch. At the time this article was published, no details had emerged regarding the actual exploitation of this flaw.
A deep-dive write-up of the vulnerability shows that these issues provide “a very powerful double-free primitive when the right code paths are taken.” Double-free vulnerabilities belong to a category of use-after-free errors that happen when the free() function is called more than once on the same memory address. The document details several methods to exploit this flaw, including example code.
The double-free problem stems from a lack of proper input cleaning in netfilter verdicts when nf_tables and unprivileged user namespaces are active. Some of the most potent exploitation techniques enable arbitrary code execution within the kernel and might allow the introduction of a universal root shell.
CISA has mandated that federal agencies under its supervision apply a patch by June 20. The agency strongly advises all other organizations to update as promptly as possible.
ChicagoVPS is your gateway to unparalleled hosting solutions. Our state-of-the-art datacenters and powerful network ensures lightning-fast speeds and uninterrupted connectivity for your websites and applications. Whether you’re a startup looking for scalable resources or an enterprise in need of enterprise-grade hosting, our range of plans and customizable solutions guarantee a perfect fit. Trust in ChicagoVPS to deliver excellence, combining unmatched reliability and top-tier support.
For Inquiries or to receive a personalized quote, please reach out to us through our contact form here or email us at sales@chicagovps.net.
