CISA added a Linux kernel vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
CVE-2024-1086 (CVSS 3.1 score: 7.8) is a use-after-free (UAF) flaw in the Netfilter component of the Linux kernel that allows a local attacker to escalate privileges from an ordinary user to root and execute arbitrary code. The vulnerability was patched in January 2024, but the specific nature of the attacks leveraging it is currently unknown.
Netfilter is a Linux kernel framework that exposes hooks through which kernel modules handle network packets; it underpins packet filtering, network address translation (NAT), and port forwarding.
The KEV catalog was also updated with a recently disclosed flaw affecting Check Point network security gateways (CVE-2024-24919, CVSS 3.1 score: 7.5). The vulnerability lets attackers read certain information on Internet-facing gateways that have Remote Access VPN or Mobile Access enabled. Recorded attack attempts primarily target remote-access deployments that still rely on old local accounts protected only by password authentication.
Given the active exploitation of CVE-2024-1086 and CVE-2024-24919, federal agencies are advised to apply the latest patches by June 20, 2024, to safeguard their networks against potential threats.