[BCLUG] Federal agency warns critical Linux vulnerability being actively exploited

Ron / BCLUG admin at bclug.ca
Fri May 31 15:26:47 EDT 2024


News is out about a fairly severe Linux vulnerability.


This is a new one:

> Federal agency warns critical Linux vulnerability being actively
> exploited
> 
> Cybersecurity and Infrastructure Security Agency urges affected users
> to update ASAP.

> The vulnerability, tracked as CVE-2024-1086 and carrying a severity 
> rating of 7.8 out of a possible 10, allows people who have already 
> gained a foothold inside an affected system to escalate their system 
> privileges. It’s the result of a use-after-free error, a class of 
> vulnerability that occurs in software written in the C and C++ 
> languages when a process continues to access a memory location after 
> it has been freed or deallocated. Use-after-free vulnerabilities can 
> result in remote code or privilege escalation.


https://arstechnica.com/security/2024/05/federal-agency-warns-critical-linux-vulnerability-being-actively-exploited/


