
SoylentNews is people

posted by jelizondo on Sunday November 02, @03:39PM

https://www.bleepingcomputer.com/news/security/cisa-linux-privilege-escalation-flaw-now-exploited-in-ransomware-attacks/

CISA confirmed on Thursday that a high-severity privilege escalation flaw in the Linux kernel is now being exploited in ransomware attacks.

While the vulnerability (tracked as CVE-2024-1086) was disclosed on January 31, 2024, as a use-after-free weakness in the netfilter: nf_tables kernel component and was fixed via a commit submitted in January 2024, it was first introduced by a decade-old commit in February 2014.

Successful exploitation enables attackers with local access to escalate privileges on the target system, potentially resulting in root-level access to compromised devices.

As Immersive Labs explains, potential impact includes system takeover once root access is gained (allowing attackers to disable defenses, modify files, or install malware), lateral movement through the network, and data theft.

In late March 2024, a security researcher using the 'Notselwyn' alias published a detailed write-up and proof-of-concept (PoC) exploit code targeting CVE-2024-1086 on GitHub, showcasing how to achieve local privilege escalation on Linux kernel versions between 5.14 and 6.6.

The flaw impacts many major Linux distributions, including but not limited to Debian, Ubuntu, Fedora, and Red Hat, which use kernel versions from 3.15 to 6.8-rc1.

In a Thursday update to its catalog of vulnerabilities exploited in the wild, the U.S. cybersecurity agency said the flaw is now known to be used in ransomware campaigns, but didn't provide more information regarding ongoing exploitation attempts.

CISA added this security flaw to its Known Exploited Vulnerabilities (KEV) catalog in May 2024 and ordered federal agencies to secure their systems by June 20, 2024.

If patching is not possible, IT admins are advised to apply one of the following mitigations:

        Blocklist 'nf_tables' if it's not needed/actively used,
        Restrict access to user namespaces to limit the attack surface,
        Load the Linux Kernel Runtime Guard (LKRG) module (however, this can cause system instability).
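As an added example (not code from the BleepingComputer article, CISA, or the kernel project), the following POSIX shell script audits a Linux host for the three mitigations listed above. Each check takes its input path or value as an argument so it can be exercised against constructed sample files; the `--live` flag runs it against `/etc/modprobe.d` and `/proc`. The sysctl names `user.max_user_namespaces` (upstream) and `kernel.unprivileged_userns_clone` (Debian/Ubuntu kernels) are real, and the LKRG module names `lkrg` / `p_lkrg` are what the script assumes.

```sh
#!/bin/sh
# Added example: audit a host for the CVE-2024-1086 mitigations named in
# the article. Not the article's or CISA's own tooling.

# Mitigation 1: nf_tables blocklisted. "$1" is a modprobe.d directory.
# Returns 0 if any *.conf file either blacklists the module (blocks
# alias-based autoload only) or overrides its install command with
# /bin/false or /bin/true (also blocks loading by name; the stronger form).
nf_tables_blocklisted() {
    grep -Eqs '^[[:space:]]*(blacklist[[:space:]]+nf_tables|install[[:space:]]+nf_tables[[:space:]]+/bin/(false|true))' "$1"/*.conf
}

# A blocklist entry does not unload an already-loaded module. "$1" is a
# file in /proc/modules format; returns 0 if nf_tables is resident.
nf_tables_loaded() {
    grep -Eqs '^nf_tables[[:space:]]' "$1"
}

# Mitigation 2: user namespaces restricted. "$1" is the value of
# user.max_user_namespaces (0 disables creation of new user namespaces),
# "$2" the value of kernel.unprivileged_userns_clone on Debian/Ubuntu
# kernels (pass "" where the sysctl does not exist). Returns 0 when
# either setting blocks unprivileged user-namespace creation.
userns_restricted() {
    if [ "$1" = "0" ] || [ "$2" = "0" ]; then
        return 0
    fi
    return 1
}

# Mitigation 3: LKRG loaded. "$1" is a file in /proc/modules format.
# Assumes the module is named lkrg (current) or p_lkrg (older releases).
lkrg_loaded() {
    grep -Eqs '^(lkrg|p_lkrg)[[:space:]]' "$1"
}

# Live audit of the running host; reads sysctls via /proc/sys so no
# sysctl binary is required.
audit_live() {
    if nf_tables_blocklisted /etc/modprobe.d; then
        echo "nf_tables: blocklisted in /etc/modprobe.d"
    else
        echo "nf_tables: NOT blocklisted (ok only if the kernel is patched)"
    fi
    if nf_tables_loaded /proc/modules; then
        echo "nf_tables: currently loaded (a blocklist does not unload it; reboot or rmmod)"
    fi
    max_ns=$(cat /proc/sys/user/max_user_namespaces 2>/dev/null || echo "")
    clone=$(cat /proc/sys/kernel/unprivileged_userns_clone 2>/dev/null || echo "")
    if userns_restricted "$max_ns" "$clone"; then
        echo "user namespaces: unprivileged creation restricted"
    else
        echo "user namespaces: unprivileged creation allowed"
    fi
    if lkrg_loaded /proc/modules; then
        echo "LKRG: loaded"
    else
        echo "LKRG: not loaded"
    fi
}

# Only touch the live system when asked, so the functions above can be
# sourced and run against sample files.
if [ "${1:-}" = "--live" ]; then
    audit_live
fi
```

Run it as `sh audit.sh --live` on the host being checked. Note that blocking `nf_tables` also breaks any nftables-based firewall, including the `iptables-nft` backend that current Debian, Ubuntu and RHEL-family releases use by default, which is why the article qualifies that mitigation with "if it's not needed/actively used"; a patched kernel remains the real fix, and a distribution's security tracker is the authority on whether a given kernel build carries it.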

"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA said. "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable."



  • (Score: 4, Insightful) by FuzzyTheBear on Sunday November 02, @04:29PM (2 children)

    by FuzzyTheBear (974) on Sunday November 02, @04:29PM (#1423140)

    That was patched a hell of a long time ago.
    https://security-tracker.debian.org/tracker/CVE-2024-1086 [debian.org]

    I don't know why you post this.
    Really...

    • (Score: 1, Informative) by Anonymous Coward on Sunday November 02, @05:05PM

      by Anonymous Coward on Sunday November 02, @05:05PM (#1423142)

      Because it is recently confirmed in the wild as an active and successful exploit?

    • (Score: 5, Informative) by janrinok on Sunday November 02, @07:00PM

      by janrinok (52) Subscriber Badge on Sunday November 02, @07:00PM (#1423159) Journal

      Why did we report it? Because of 31 Oct 2025:

      In a Thursday update to its catalog of vulnerabilities exploited in the wild, the U.S. cybersecurity agency said the flaw is now known to be used in ransomware campaigns,

      There is plenty of software that is used in hospitals, government departments, municipal offices etc. that is not, and in some cases cannot, be updated.

      --
      [nostyle RIP 06 May 2025]
  • (Score: 4, Insightful) by Gaaark on Sunday November 02, @09:31PM (3 children)

    by Gaaark (41) on Sunday November 02, @09:31PM (#1423181) Journal

    attackers with local access

    they can do A LOT of damage if they have local access. They don't even need an exploit...

    --
    --- Please remind me if I haven't been civil to you: I'm channeling MDC. I have always been here. ---Gaaark 2.0 --
    • (Score: 1, Troll) by canopic jug on Monday November 03, @03:23AM

      by canopic jug (3949) on Monday November 03, @03:23AM (#1423201) Journal

      We've seen this kind of thing several times before in the past. It's a distraction from the massive, and growing, volume of active Windoze exploits seen in the wild and other M$-specific problems flooding the net at the moment. And the reason it's being highlighted now is because there has been a little bit of positive coverage of Linux in the press of late, especially in relation to Windoze problems including but not limited to Vista10 EOL. That can't be allowed to happen. Thus the media which is effectively M$-owned via its partners advertisements there is forced to cast aspersions on Linux. Bleeping Computer is a prominent example of that kind of media.

      The goal is to prevent managers from even considering upgrades away from Windoze through the Microsoft Effect: all software has bugs, therefore one should just stick with M$. Never mind that there are huge differences in the natures, quantities, and scopes of said bugs. Those details are to be kept out of sight, out of mind, again, so as to prevent managers from even considering the idea of upgrading to Linux.

      If the attacker already has local access, which is the prerequisite for this exploit, there's relatively little need to escalate privileges further.

      --
      Money is not free speech. Elections should not be auctions.
    • (Score: 2) by Freeman on Monday November 03, @06:46PM

      by Freeman (732) on Monday November 03, @06:46PM (#1423254) Journal

      The trusty wrench xkcd comes to mind. Once they have physical access, many things become possible.

      --
      Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
    • (Score: 2) by canopic jug on Wednesday November 05, @06:26PM

      by canopic jug (3949) on Wednesday November 05, @06:26PM (#1423418) Journal

      they can do A LOT of damage if they have local access. They don't even need an exploit...

      Yes, precisely. Because local access is a prerequisite for this exploit there's relatively little need to escalate privileges further. With local access they can maintain persistent long term control, destroy, modify, or exfiltrate data, and so on.

      Articles like this and others found at Bleeping Computer are mostly noise, churnalism [dictionary.com]. However, they have an important (for m$) side goal of preventing managers from even considering upgrades away from Windoze via the Microsoft Effect which is a variant of sour grapes: By ignoring the varying scope and severity of the software bugs, they can pretend that all bugs are equal, and then, since Linux has bugs too, they can conclude that one should just stick with M$.

      The giant differences in the natures, quantities, and scopes of said bugs is set aside for that to happen. Thus managers are discouraged or even prevented from considering the idea of upgrading to Linux.

      We've seen this kind of distraction tactic again and again from Redmond and its minions. It's not like Windoze exploits ever go away either. There are still Windoze problems floating around from 2017 [helpnetsecurity.com] FFS.

      --
      Money is not free speech. Elections should not be auctions.