【Vulnerability Alert】High-Risk Security Vulnerability in Linux Kernel (CVE-2024-1086)

【Vulnerability Alert】High-Risk Security Vulnerability in Linux Kernel (CVE-2024-1086) - Immediate Action Required!

publish date : 2024-06-14 update date : 2024-06-14

Source: Ministry of education information & communication security contingency platform


Publication Number	TACERT-ANA-2024061310064545	Publication Time	2024/06/13 10:01
Incident Type	ANA-Vulnerability Alert	Discovery Time	2024/06/13 10:01
Impact Level	Medium
[Subject] 【Vulnerability Alert】High-Risk Security Vulnerability in Linux Kernel (CVE-2024-1086) - Immediate Action Required!
[Content] Forwarded from the National Institute of Cyber Security NISAC-200-202406-00000099 Researchers have identified a use-after-free vulnerability (CVE-2024-1086) in the Linux Kernel. This vulnerability allows local attackers with general user privileges to escalate to administrator privileges. The vulnerability has already been exploited by attackers. Immediate verification and updating are required. Multiple Linux operating systems are affected, including Redhat, Ubuntu, Debian, and CentOS. The following Linux Kernel versions are vulnerable: ●3.15 to 5.15.149 (exclusive) ●6.1 to 6.1.76 (exclusive) ●6.2 to 6.6.15 (exclusive) ●6.7 to 6.7.3 (exclusive) ●6.8-rc1 Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform] ●Linux Kernel versions 3.15 to 5.15.149 (exclusive) ●Linux Kernel versions 6.1 to 6.1.76 (exclusive) ●Linux Kernel versions 6.2 to 6.6.15 (exclusive) ●Linux Kernel versions 6.7 to 6.7.3 (exclusive) ●Linux Kernel versions 6.8-rc1
[Recommended Actions] The official updates for this vulnerability have been released. Please refer to the official guidelines for updating: ● Redhat: https://access.redhat.com/security/cve/CVE-2024-1086 ● Ubuntu: https://ubuntu.com/security/CVE-2024-1086 ● Debian: https://security-tracker.debian.org/tracker/CVE-2024-1086 ● CentOS: https://lists.centos.org/pipermail/centos-announce/2024-March/099235.html ● Uniontech:https://src.uniontech.com/#/security_advisory_detail?utsa_id=UTSA2024-000633 ● Kylinos: https://kylinos.cn/support/loophole/patch/5561.html ●Fedora:https://lists.fedoraproject.org/archives/list/packageannounce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/
[Reference] 1. https://nvd.nist.gov/vuln/detail/CVE-2024-1086 2. https://access.redhat.com/security/cve/CVE-2024-1086 3. https://ubuntu.com/security/CVE-2024-1086 4. https://security-tracker.debian.org/tracker/CVE-2024-1086 5. https://src.uniontech.com/#/security_advisory_detail?utsa_id=UTSA-2024-000633 6. https://kylinos.cn/support/loophole/patch/5561.html 7. https://lists.fedoraproject.org/archives/list/packageannounce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/ 8. https://lists.centos.org/pipermail/centos-announce/2024-March/099235.html

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw

Organizer: Computer Center