Hello Linux users, 

CISA recently added a high-severity Linux kernel privilege elevation flaw in the netfilter: nf_tables component to its Known Exploited Vulnerabilities (KEV) catalog. Exploiting this vulnerability enables a local attacker to gain root-level access on kernel versions 5.14.21 to 6.6.14, steal data, install malware, or carry out other malicious actions.

Read on to learn how to secure your systems against this severe vulnerability. You’ll also get updates on other issues affecting your open-source programs and applications that threaten your sensitive data and system security. 

If you gained valuable information from reading today’s newsletter, please share it with a fellow security geek. Do you have a Linux security-related topic you'd like to cover for our audience? We welcome contributions from enthusiastic, insightful community members who share our love for Linux and security!

Stay safe out there,

Brittany

Linux Kernel

The Discovery 

CISA recently warned of a high-severity Linux kernel privilege elevation flaw (CVE-2024-1086) in the netfilter: nf_tables component, which has been added to its Known Exploited Vulnerabilities (KEV) catalog. Exploiting this vulnerability allows a local attacker to gain root-level access on kernel versions 5.14.21 to 6.6.14.


The Impact

Exploiting this vulnerability enables a local attacker to steal data, install malware, or carry out other malicious actions.

The Fix

Essential Linux kernel security updates have been released to fix this flaw. We strongly recommend that all impacted users update immediately to secure their critical systems and protect their sensitive information.
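To triage hosts against the range stated above, the following added example (not part of the original newsletter) compares a kernel release string with 5.14.21 to 6.6.14. The function names are hypothetical, and because distributions backport fixes without changing the upstream version number, an in-range result means "check your distribution's advisory for CVE-2024-1086", not "vulnerable".

```shell
#!/bin/sh
# Affected range as stated in the newsletter (inclusive on both ends).
RANGE_LOW="5.14.21"
RANGE_HIGH="6.6.14"

# kernel_key (hypothetical helper): turn a release string such as
# "5.15.0-105-generic" into one integer (major*1000000 + minor*1000 + patch)
# so that versions can be compared numerically.
kernel_key() {
    base=${1%%[!0-9.]*}      # keep only the leading digits-and-dots part
    old_ifs=$IFS
    IFS=.
    set -- $base             # split into major, minor, patch
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# in_stated_range (hypothetical helper): succeeds when the release string
# falls inside RANGE_LOW..RANGE_HIGH.
in_stated_range() {
    k=$(kernel_key "$1")
    [ "$k" -ge "$(kernel_key "$RANGE_LOW")" ] &&
        [ "$k" -le "$(kernel_key "$RANGE_HIGH")" ]
}

# report: print a triage line for one release string.
report() {
    if in_stated_range "$1"; then
        echo "$1: inside $RANGE_LOW-$RANGE_HIGH, confirm the fix in your distribution's advisory"
    else
        echo "$1: outside the stated range"
    fi
}

# Check the running kernel, then a few constructed sample strings.
report "$(uname -r)"
for sample in 5.14.20 5.15.0-105-generic 6.6.14-1-lts 6.6.15; do
    report "$sample"
done
```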


Chromium

The Discovery 

CISA also recently warned of severe and actively exploited zero-day flaws discovered in Chromium, the open-source web browser project that is the foundation of Google Chrome. According to CISA, "These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise."


The Impact

These vulnerabilities could lead to system disruption and data breaches.

The Fix

Critical Chromium security bug fixes have been released to mitigate these vulnerabilities. We urge all impacted users to update as soon as possible to safeguard their sensitive data and maintain system availability.


Firefox

The Discovery 

Have you updated to mitigate recent Firefox denial of service and information disclosure vulnerabilities? These bugs include memory management issues and could be exploited when users visit maliciously crafted websites.


The Impact

These issues could enable attackers to access sensitive data or disrupt services.

The Fix

Firefox security updates have been released to fix these vulnerabilities. We strongly encourage all impacted users to update as soon as possible to protect their sensitive information and the availability of their systems.
