The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that ransomware gangs are exploiting a serious vulnerability in the Linux kernel. The issue, tracked as CVE-2024-1086, allows local privilege escalation. It was introduced in 2014 but patched just last month.
The flaw affects kernel versions 3.15 to 6.8-rc1 across multiple major Linux distributions, including Debian, Ubuntu, Fedora, and Red Hat. The vulnerability is a use-after-free issue that can cause the kernel to panic when certain fields are used after being freed.
Researchers have demonstrated local privilege escalation on affected Linux kernels 5.14 to 6.6. CISA added the flaw to its list of Known Exploited Vulnerabilities in March, but did not provide details about the ransomware attacks or the groups responsible for exploiting it.
Source: https://securityaffairs.com/184076/security/old-linux-kernel-flaw-cve-2024-1086-resurfaces-in-ransomware-attacks.html