Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

US government warns on critical Linux security flaw, urges users to patch immediately

Linux penguin logo.

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new flaw to its Known Exploited Vulnerabilities (KEV) catalog, signaling in-the-wild abuse, and giving federal agencies a patching deadline.

The vulnerability is described as a “use-after-free” flaw, found in Linux kernels from 5.14.21 up to 6.6.14. Popular Linux distros such as Debian and Ubuntu seem to be particularly vulnerable.

A “use-after-free” vulnerability is a type of memory corruption bug that happens when a program continues to use a pointer after the memory it points to has been freed. This can lead to various unpredictable behaviors, including crashes, data corruption, and, more critically, security breaches such as arbitrary code execution. 

Time to patch

In this particular scenario, threat actors could abuse the vulnerability to achieve local privilege escalation, giving administrator privileges to users with basic access. 

The good news is that kernels version 6.4 and newer, with specific configurations (like CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y) don’t seem to be affected. Additionally, the exploit requires user namespaces and nf_tables to be enabled, which are default settings in many distributions.

The vulnerability has been assigned a CVSS score of 7.8, indicating high severity. However, patches for most distros were made available in February 2024, meaning that a quick and easy fix is available, and there is no need for complicated workarounds.

With the latest addition to the KEV catalog, federal agencies have until June 20 to apply the patch and secure their premises, or stop using vulnerable programs entirely. 

While CISA usually warns government agencies exclusively, that doesn’t mean that organizations in the private sector should ignore the warning. Instead, all Linux users should make sure they avoid keeping vulnerable kernels running, since many threat actors won’t be particularly picky when it comes to their targets. 

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.