CISA Warns of Actively Exploited Linux Kernel and Check Point Gateway Vulnerabilities

Today, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding two actively exploited vulnerabilities affecting the Linux Kernel and Check Point Quantum Security Gateways. These vulnerabilities, recently added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, underscore the critical need for swift action to protect systems and data from malicious actors.

Linux Kernel Use-After-Free Vulnerability (CVE-2024-1086): A Widespread Threat

The first vulnerability, identified as CVE-2024-1086, resides in the Linux Kernel’s netfilter: nf_tables component. This use-after-free flaw, initially discovered by security researcher Notselwyn, opens a dangerous pathway for attackers to escalate privileges and gain control over vulnerable systems. The vulnerability affects a broad range of Linux versions, from v5.14.21 up to v6.6.14, putting popular distributions like Debian and Ubuntu at risk.

Notselwyn also published technical details, a proof-of-concept (PoC), and demonstrative exploit code on GitHub.

While patches for this flaw were released in February 2024, unpatched systems remain exposed. Given the widespread use of the Linux Kernel, the potential impact of this vulnerability is significant. System administrators and users are strongly urged to update their Linux installations to the latest patched versions immediately.
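As a first triage step for the update advice above, the following added example (not from CISA or the researcher) checks whether a kernel release string falls inside the version range this article lists. The function names are hypothetical. A match only flags the host for follow-up, because distribution kernels often carry backported fixes without changing the upstream base version, so the vendor's advisory for the installed package remains authoritative.

```shell
#!/bin/sh
# Added example: bounds are the range stated in this article (treated as inclusive).
LOW="5.14.21"
HIGH="6.6.14"

# Print a sortable integer for the leading MAJOR.MINOR[.PATCH] of $1.
# Returns 1 if the string does not start with a version number.
ver_key() {
    parts=$(printf '%s\n' "$1" |
        sed -nE 's/^v?([0-9]+)\.([0-9]+)(\.([0-9]+))?.*/\1 \2 \4/p')
    [ -n "$parts" ] || return 1
    set -- $parts                      # split into major, minor, patch
    echo $(( $1 * 100000000 + $2 * 10000 + ${3:-0} ))
}

# Exit status: 0 = inside the listed range, 1 = outside, 2 = unparseable.
kernel_in_range() {
    k=$(ver_key "$1") || return 2
    lo=$(ver_key "$LOW")
    hi=$(ver_key "$HIGH")
    [ "$k" -ge "$lo" ] && [ "$k" -le "$hi" ]
}

# Human-readable verdict for one release string; always returns 0.
report() {
    rc=0
    kernel_in_range "$1" || rc=$?
    case $rc in
        0) echo "$1: inside the listed range; confirm the vendor fix is installed" ;;
        1) echo "$1: outside the listed range" ;;
        *) echo "$1: could not parse kernel release" ;;
    esac
}

# Check the running kernel; distro suffixes such as "-35-generic" are ignored.
report "$(uname -r)"
```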

Check Point Quantum Security Gateways Information Disclosure Vulnerability (CVE-2024-24919): A Corporate Network Risk

The second vulnerability, designated as CVE-2024-24919, affects Check Point Quantum Security Gateways. This unspecified information disclosure vulnerability allows attackers to access sensitive information on internet-connected Gateways with certain features enabled. The vulnerability impacts several Check Point product lines, including CloudGuard Network, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark Appliances.

Check Point has released hotfixes for various versions of its affected products, and organizations using these Gateways are strongly advised to apply the updates promptly. The exact details of how this vulnerability is being exploited in the wild remain undisclosed, adding an element of urgency to the mitigation efforts.

CISA’s Call to Action: Federal Agencies Must Act Quickly

CISA has mandated that all federal agencies address these vulnerabilities by June 20, 2024, underscoring the critical nature of the situation. While the details of the attacks leveraging these vulnerabilities are not publicly available, the evidence of active exploitation necessitates immediate action to protect systems and infrastructure.