Ongoing Ransomware Attacks Exploit Critical Linux Kernel Vulnerability (CVE-2024-1086)

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a serious warning after confirming that a critical flaw in the Linux Kernel, tracked as CVE-2024-1086, is being actively exploited in ongoing ransomware attacks targeting Linux systems worldwide.

CVE-2024-1086 is a use-after-free vulnerability in the Linux Kernel’s netfilter: nf_tables component. The flaw arises when the nft_verdict_init() function improperly allows positive values to be used as a drop error within the hook verdict, which can lead to a double-free scenario in nf_hook_slow() when NF_DROP is mishandled.

Although the faulty code originated from a commit introduced back in February 2014, the vulnerability was not officially disclosed until January 31, 2024. A patch to address it was submitted in January 2024.

Scope and Impact of CVE-2024-1086

The Linux Kernel flaw affects versions from 3.15 up to 6.8-rc1, meaning a wide range of major Linux distributions are vulnerable. Impacted systems include:

  • Ubuntu: 18.04, 20.04, 22.04, and 23.10
  • Red Hat Enterprise Linux (RHEL):
      • RHEL 7 – 3.10.0-1062.4.1.el7
      • RHEL 8 – 4.18.0-147.el8
      • RHEL 9 – 5.14.0-362.24.2.el9_3
  • Debian: kernel version 6.1.76-1

Exploitation of CVE-2024-1086 allows attackers with local access to escalate their privileges to root level, granting full control of compromised systems. With root access, threat actors can disable security protections, install malware, move laterally within a network, steal data, and deploy ransomware payloads.

Ransomware Connection and Agency Action

CISA has now confirmed that CVE-2024-1086 is being used in ransomware attacks. The vulnerability was initially added to the agency’s Known Exploited Vulnerabilities (KEV) catalog on May 30, 2024, with federal agencies ordered to apply security patches or mitigations no later than June 20, 2024.

In its official statement, CISA described this Linux Kernel flaw as a “frequent attack vector for malicious cyber actors,” emphasizing the significant risks it poses to government and enterprise networks alike. Agencies and organizations are instructed to follow vendor guidance for patching or discontinue use of affected products if no fixes are available.

Exploit Availability and Threat Landscape

In late March 2024, a security researcher using the alias Notselwyn released a detailed write-up and a proof-of-concept (PoC) exploit for CVE-2024-1086. The PoC demonstrated how attackers could achieve local privilege escalation on Linux kernel versions ranging from 5.14 to 6.6.

According to security researchers, the exploit has proven to be highly reliable, showing success rates exceeding 99% in some tests. The public availability of this exploit code, combined with confirmed use in ransomware operations, significantly increases the risk of widespread attacks.

Mitigation and Recommended Actions

System administrators are advised to verify immediately whether their Linux installations are affected. Running the command uname -r will reveal the kernel version in use. If the version falls between 3.15 and 6.8-rc1, the system may still be vulnerable.

To protect against exploitation:
  • Update to Linux Kernel 6.8-rc2 or later, or apply vendor-provided patches. 
  • Blocklist the nf_tables module if it is not required. 
  • Restrict access to user namespaces to minimize the attack surface. 
  • Consider loading the Linux Kernel Runtime Guard (LKRG) module to add runtime protection, though administrators should be aware that it may affect system stability. 
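
The checks above can be scripted. The following is an added example, not code from the article or from CISA: it compares a uname -r string against the upstream range quoted above and reports whether nf_tables is loaded and whether user namespaces are enabled. Using the user.max_user_namespaces sysctl for the last check is an assumption, and because distribution kernels backport both bugs and fixes (the RHEL 7 entry above is a 3.10 kernel), the vendor advisory stays authoritative.

```shell
# Added example, not from the article. First-pass triage only: distro kernels
# backport fixes, so "in range" means "check the vendor advisory".

# in_affected_range RELEASE: 0 if a `uname -r` string lies in the article's
# upstream range 3.15 .. 6.8-rc1, 1 if outside it, 2 if it cannot be parsed.
in_affected_range() {
    case $1 in [0-9]*.[0-9]*) ;; *) return 2 ;; esac
    major=${1%%.*}
    case $major in *[!0-9]*) return 2 ;; esac
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    if [ "$major" -lt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -lt 15 ]; }; then
        return 1
    fi
    if [ "$major" -lt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -lt 8 ]; }; then
        return 0
    fi
    if [ "$major" -eq 6 ] && [ "$minor" -eq 8 ]; then
        case $1 in *-rc1|*-rc1[!0-9]*) return 0 ;; esac
    fi
    return 1
}

# nft_state [FILE]: is nf_tables a loaded module? (a built-in would not be listed)
nft_state() {
    if grep -q '^nf_tables ' "${1:-/proc/modules}" 2>/dev/null
    then echo loaded; else echo not-loaded; fi
}

# userns_state [FILE]: user.max_user_namespaces = 0 disables user namespaces
# (assumption: this upstream sysctl is the knob used to restrict them).
userns_state() {
    f=${1:-/proc/sys/user/max_user_namespaces}
    [ -r "$f" ] || { echo unknown; return 0; }
    if [ "$(cat "$f")" -eq 0 ]; then echo disabled; else echo enabled; fi
}

report() {
    rel=${1:-$(uname -r)}
    rc=0; in_affected_range "$rel" || rc=$?
    case $rc in
        0) range="in 3.15..6.8-rc1, check vendor advisory" ;;
        1) range="outside 3.15..6.8-rc1" ;;
        *) range="unparsed" ;;
    esac
    echo "kernel=$rel ($range) nf_tables=$(nft_state) userns=$(userns_state)"
}
report
```

A host that reports "in range" together with nf_tables=loaded and userns=enabled is the one to patch or mitigate first.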

Ubuntu Touch 24.04-1.0 released

30 September 2025 at 19:22

With Google closing up Android at a rapid pace, there’s some renewed interest in mobile platforms that aren’t either iOS or Android, and one of those is Ubuntu Touch. It’s been steadily improving over the years under the stewardship of the UBports Foundation, and today they released Ubuntu Touch 24.04-1.0.

Ubuntu Touch 24.04-1.0 is the first release of Ubuntu Touch which is based on Ubuntu 24.04 LTS, a major upgrade from Ubuntu 20.04. This might not be as big compared to our last upgrade from Ubuntu 16.04 to 20.04, but this still brings a newer software stack to Ubuntu Touch (such as Qt 5.15).

↫ Ubuntu Touch 24.04-1.0 release announcement

In this release, aside from the upgrade to Ubuntu 24.04 LTS, there’s now also a light mode for the shell, including experimental support for switching themes on the fly. Applications have supported a light theme since the previous releases, so adding support for it in the main shell is a welcome improvement. We’ve also got experimental support for encrypting personal data, which needs to be enabled per device, which I think indicates not all devices support it. On top of that, there are some changes to the phone application, and a slew of smaller fixes and improvements as well.

The list of supported devices has grown as well, with the Fairphone 5 as the newcomer this release. The list is still relatively small, but to be fair to the project, it includes a number of popular devices, as well as a few that are still readily available. If you want to opt for running Ubuntu Touch as your smartphone platform, there are definitely plenty of devices to choose from.
