CISA warns of attacks on Linux kernel vulnerability
In November, a vulnerability in the Linux kernel that made kernel memory readable was patched. It is now under attack.
(Image: Gorodenkoff/Shutterstock.com)
The stream of news about actively exploited software vulnerabilities continues unabated. The US cybersecurity agency CISA is now warning of further attacks, among them on a flaw in the Linux kernel and on the vulnerabilities in VMware products that became known on Tuesday.
In its warning, CISA states that malicious actors are exploiting a Linux vulnerability that stems from an uninitialized resource: the HID core (Human Interface Devices, such as keyboards and mice) allocated its report buffer without initializing it, even though that buffer is used by all kinds of drivers in various ways. As a result, the contents of kernel memory could be read without authorization (CVE-2024-50302, CVSS 7.8, risk "high"; originally classified only as CVSS 5.5, risk "medium"). Kernel patches, and thus updated kernels, that zero the buffer before use have been available since November.
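The mechanism behind the flaw, as an added userspace simulation that is not the kernel's code or the actual patch: a report buffer is handed out without being cleared, a device delivers a report shorter than the size declared in its descriptor, and a consumer reads the full declared size out of the buffer, so whatever stale bytes the allocator left behind come along. The allocator names, the fixed-size slab pre-filled with a marker byte, and the 4-byte report against a declared 32-byte size are all constructed for illustration; the two allocators only model kmalloc-like (uncleared) versus kzalloc-like (zero-filled) behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed "slab": stands in for the kernel heap region an allocator
 * returns. It is pre-filled with a marker byte representing stale kernel
 * data left behind by a previous user of the memory. */
#define SLAB_SIZE   64
#define STALE_BYTE  0xAA
static uint8_t slab[SLAB_SIZE];

static void reset_slab(void)
{
    memset(slab, STALE_BYTE, SLAB_SIZE);
}

/* Hypothetical allocators modelling the two behaviours: the vulnerable
 * path hands the memory back as-is (kmalloc-like), the fixed path clears
 * it first (kzalloc-like). */
static uint8_t *alloc_report_buf_uninit(size_t len)
{
    return len <= SLAB_SIZE ? slab : NULL;
}

static uint8_t *alloc_report_buf_zeroed(size_t len)
{
    if (len > SLAB_SIZE)
        return NULL;
    memset(slab, 0, len);           /* the fix: zero the buffer before use */
    return slab;
}

/* Simulated driver path: the device delivers fewer bytes than the report
 * size declared in its descriptor. The driver copies what it received into
 * the report buffer and a consumer then reads the full declared size out of
 * it. Whatever the allocator left in the tail of the buffer is included. */
static size_t process_report(uint8_t *(*alloc)(size_t),
                             const uint8_t *dev_data, size_t dev_len,
                             size_t report_size, uint8_t *out)
{
    uint8_t *buf = alloc(report_size);
    if (!buf)
        return 0;
    if (dev_len > report_size)
        dev_len = report_size;
    memcpy(buf, dev_data, dev_len);
    memcpy(out, buf, report_size);  /* stands in for copy_to_user() */
    return report_size;
}

/* Count output bytes that still carry the stale marker, i.e. leaked bytes. */
static size_t count_stale(const uint8_t *out, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (out[i] == STALE_BYTE)
            n++;
    return n;
}

/* Constructed device report: 4 real bytes against a declared size of 32. */
static const uint8_t short_report[] = { 0x01, 0x02, 0x03, 0x04 };
#define DECLARED_REPORT_SIZE 32

size_t leaked_bytes(uint8_t *(*alloc)(size_t))
{
    uint8_t out[DECLARED_REPORT_SIZE];
    reset_slab();
    size_t got = process_report(alloc, short_report, sizeof short_report,
                                DECLARED_REPORT_SIZE, out);
    return count_stale(out, got);
}

size_t leaked_bytes_uninit(void) { return leaked_bytes(alloc_report_buf_uninit); }
size_t leaked_bytes_zeroed(void) { return leaked_bytes(alloc_report_buf_zeroed); }

int main(void)
{
    printf("uninitialized buffer: %zu of %d bytes are stale data\n",
           leaked_bytes_uninit(), DECLARED_REPORT_SIZE);
    printf("zeroed buffer:        %zu of %d bytes are stale data\n",
           leaked_bytes_zeroed(), DECLARED_REPORT_SIZE);
    return 0;
}
```

With the uncleared allocator, 28 of the 32 returned bytes are the stale marker; with the zero-filling allocator none are. The same pattern, a buffer sized from a descriptor but only partially filled by the device, is why clearing at allocation is the robust fix: it does not depend on every driver that touches the buffer remembering to fill it completely.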
VMware security vulnerabilities
CISA also warns of the already exploited vulnerabilities in VMware ESXi, Fusion and Workstation. Broadcom had issued a security advisory for them yesterday, Tuesday, which the US agency is now taking up.
As usual, the US agency does not say what the attacks look like or how widespread they are. IT managers should nevertheless react urgently and take countermeasures immediately, above all by installing the available updates.
On Tuesday of this week, CISA had already warned of attacks observed in the wild on vulnerabilities in Cisco's RV routers, Hitachi Vantara, WhatsUp Gold and Windows. Most of these, however, were much older vulnerabilities for which patches have been available for more than a year. Admins must install updates promptly, before they are forgotten and thus leave a target open to cyber criminals.
(dmk)