CISA Adds Critical Linux Kernel Vulnerability to its KEV Catalog

by Rohan Timalsina

September 25, 2024 - TuxCare expert team

CISA has issued a warning about three new vulnerabilities that are being actively exploited. These vulnerabilities pose a significant risk to organizations and should be patched immediately. Among them, CVE-2017-1000253 is a critical Linux kernel vulnerability that could lead to privilege escalation by a local attacker.

As a frequent target for malicious actors, the Linux kernel is central to many enterprise systems. Therefore, unpatched vulnerabilities can expose these systems to significant risks.

Let’s explore these vulnerabilities that have been added to CISA’s Known Exploited Vulnerabilities Catalog and the proactive steps necessary to mitigate them, particularly focusing on the Linux kernel vulnerability.

 

Linux Kernel Vulnerability: CVE-2017-1000253

 

This vulnerability was identified in Linux distributions that did not patch their long-term kernels with a critical update in April 2015. The issue lies within how the load_elf_binary() function of the Linux kernel maps PIE binaries into memory. When CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE is enabled and a normal top-down address allocation strategy is used, the function fails to allocate enough memory for the entire binary. This oversight causes subsequent segments to overwrite the gap between the stack and the binary, leading to a buffer overflow that can be exploited by attackers.

The flaw was fixed with the kernel commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86, but many systems remained unpatched, making them vulnerable to exploitation.
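To make the sizing problem concrete, here is an added example (a simplified user-space model, not kernel code and not from the original article) that compares the address space spanned by all of a PIE binary's loadable segments with a reservation sized for the first segment alone. The struct, the function names, the 4 KiB page size and the sample segment layout are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE  4096ULL   /* assumption: 4 KiB pages */
#define PT_LOAD    1U        /* ELF program header type: loadable segment */
#define PT_DYNAMIC 2U        /* ELF program header type: dynamic linking info */
/* Hypothetical cut-down program header: only the fields this model needs. */
struct phdr { uint32_t p_type; uint64_t p_vaddr; uint64_t p_memsz; };

static uint64_t page_start(uint64_t a) { return a & ~(PAGE_SIZE - 1); }
static uint64_t page_align(uint64_t a) { return page_start(a + PAGE_SIZE - 1); }

/* Span of all PT_LOAD segments (ELF lists them in ascending p_vaddr); 0 if none. */
uint64_t total_mapping_size(const struct phdr *ph, size_t n)
{
    const struct phdr *first = NULL, *last = NULL;
    for (size_t i = 0; i < n; i++) {
        if (ph[i].p_type != PT_LOAD) continue;
        if (!first) first = &ph[i];
        last = &ph[i];
    }
    if (!first) return 0;
    return page_align(last->p_vaddr + last->p_memsz) - page_start(first->p_vaddr);
}

/* Bytes of the image left outside a reservation sized for the first PT_LOAD only. */
uint64_t unreserved_bytes(const struct phdr *ph, size_t n)
{
    size_t i = 0;
    while (i < n && ph[i].p_type != PT_LOAD) i++;   /* find the first PT_LOAD */
    if (i == n) return 0;
    return total_mapping_size(ph, n) - total_mapping_size(&ph[i], 1);
}

/* Constructed sample layout of a small PIE binary (not taken from a real file). */
const struct phdr sample_pie[] = {
    { PT_LOAD,    0x000000, 0x0a3c },  /* text */
    { PT_LOAD,    0x200db8, 0x0290 },  /* data + bss */
    { PT_DYNAMIC, 0x200dd0, 0x01f0 },  /* not loadable, ignored */
};

int main(void)
{
    size_t n = sizeof sample_pie / sizeof sample_pie[0];
    printf("whole image: %#llx bytes, outside first-segment reservation: %#llx bytes\n",
           (unsigned long long)total_mapping_size(sample_pie, n),
           (unsigned long long)unreserved_bytes(sample_pie, n));
}
```

A non-zero second figure is the part of the binary that an allocation sized for only the first segment does not cover, which is the shortfall the paragraph above describes.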

 

ImageMagick Vulnerability: CVE-2016-3714

 

Another vulnerability added to the CISA catalog is CVE-2016-3714, also known as “ImageTragick.” This vulnerability, present in ImageMagick before versions 6.9.3-10 and 7.x before 7.0.1-1, allows remote attackers to execute arbitrary code by sending maliciously crafted images. The flaw stems from improper input validation, where shell metacharacters in the image are processed, leading to command execution on the target system.

 

SonicWall’s SonicOS Vulnerability: CVE-2024-40766

 

The third vulnerability, CVE-2024-40766, was identified in SonicWall’s SonicOS and could allow unauthorized access to firewall resources. This vulnerability affects Gen 5, Gen 6, and Gen 7 devices running older versions of SonicOS. Attackers could exploit this flaw to bypass access controls and potentially cause firewall crashes, posing a risk to network security.

 

Patching Linux Kernel Vulnerabilities

 

The CVE-2017-1000253 vulnerability within the Linux kernel is an important reminder that kernel-level security issues can have devastating effects if left unpatched. Federal agencies are required to comply with Binding Operational Directive (BOD) 22-01, which mandates the remediation of vulnerabilities listed in the Known Exploited Vulnerabilities Catalog. However, CISA strongly urges organizations outside the federal government to adopt similar practices to reduce their attack surface.

For Linux system administrators, regular kernel patching is a critical component of a secure IT environment. Some strategies to mitigate vulnerabilities like CVE-2017-1000253 include:

 

Timely Patch Management: Ensure that all Linux distributions are running up-to-date kernels that have patched known vulnerabilities.

Live Patching: For enterprises that cannot afford downtime, live patching tools like KernelCare Enterprise can be implemented to apply security patches without having to reboot the system. KernelCare also automates the deployment of patches, ensuring they are applied immediately when available. This reduces the risk of missing or delayed patches.

The KernelCare team has already deployed a live patch for CVE-2017-1000253. You can track the availability of live patches for Linux kernel vulnerabilities across various distributions using TuxCare’s CVE tracker.

 

Source: CISA Alert
