Subj : US government warns Linux flaw is now being exploited for ransomw To : All From : TechnologyDaily Date : Mon Nov 03 2025 17:30:08 US government warns Linux flaw is now being exploited for ransomware attacks Date: Mon, 03 Nov 2025 17:23:00 +0000 Description: A bug patched a year ago is now being used for ransomware - so make sure you patch immediately. FULL STORY ======================================================================CVE-2024 -1086, a Linux kernel flaw, is now exploited in active ransomware campaigns The bug enables local privilege escalation and affects major distros like Ubuntu and Red Hat CISA urges patching or mitigation, warning of significant risk to federal and enterprise systems The US government is warning that a Linux flaw introduced more than a decade ago - and fixed more than a year ago - is being actively used in ransomware attacks. In February 2014, a vulnerability was introduced into the Linux kernel via a commit. The bug was first disclosed in late January 2024, and described as a use-after-free weakness in the netfilter: nf_tables kernel component. It was fixed later that month, and was given a label CVE-2024-1086. Its severity score is 7.8/10 (high) and can be exploited to achieve local privilege escalation. A few months after the patch was released, security researchers published proof-of-concept (PoC) exploit code, demonstrating how to achieve local privilege escalation, and reporting that the bug affects most major Linux distros , including Debian, Ubuntu, Fedora, and Red Hat. Updates to KEV The US Cybersecurity and Infrastructure Security Agency (CISA), a government agency responsible for protecting the nations critical infrastructure from physical and cyber threats, added the bug to its Known Exploited Vulnerabilities (KEV) catalog in May 2024 and gave Federal Civilian Executive Branch (FCEB) agencies until June 20, 2024, to patch up or stop using the vulnerable software entirely. When CISA adds a bug to KEV, it means that it found compelling evidence that the bug is being actively used in the wild. Now, CISA has updated its KEV entry for the bug, saying that it is now known to be used in ransomware campaigns. Unfortunately, it didnt say which threat actor was using it, or who its targets were, so far. In any case, if you havent already - make sure to patch your Linux distros, or at least block nf_tables, restrict access to user namespaces, or load the Linux Kernel Runtime Guard (LKRG) module, since these are known mitigations. While the mitigations might work, they might also destabilize the system, so patching still remains the best advice. "These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA said. "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable." Via BleepingComputer Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button! And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too. ====================================================================== Link to news story: https://www.techradar.com/pro/security/us-government-warns-linux-flaw-is-now-b eing-exploited-for-ransomware-attacks --- Mystic BBS v1.12 A49 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .