Linux kernel: Attackers exploit older vulnerabilities

The US cyber security agency CISA warns of attacks on older vulnerabilities in the Linux kernel.


A security vulnerability in Linux puts systems at risk.

(Image: created with AI in Bing Designer by heise online / dmk)


Attackers are targeting and actively exploiting vulnerabilities in the Linux kernel, the US cyber security agency CISA now warns. Anyone still running an older kernel should update to a current version as soon as possible.

In its notification, CISA lists only the CVE entries of the exploited vulnerabilities. Information about the attacks themselves is missing entirely, so the scale of the attacks and the targets of the malicious actors remain unclear.

Both vulnerabilities are in the ALSA USB audio code. At the end of December, Linux developers fixed potential out-of-bounds memory accesses in the ALSA USB support for Extigy and Mbox devices. A manipulated device can report a bogus number of configurations (bNumConfigurations) in its device descriptor; later use of that value leads to such out-of-bounds accesses, for example when usb_destroy_configuration runs, and apparently permits the execution of injected code (CVE-2024-53197, no CVSS).


The second vulnerability is also in the ALSA stack (Advanced Linux Sound Architecture). When searching for clock sources, out-of-bounds reads can occur because the USB audio driver did not check the bLength field of each clock descriptor while walking the descriptors. A manipulated device can supply a clock descriptor whose bLength is shorter than the structure it claims to be, which triggers the vulnerability (CVE-2024-53150, CVSS 7.8, risk "high"). This flaw was also patched in various kernel branches around last Christmas.
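To make the descriptor-walking flaw concrete, here is an added example in C. It is not Linux kernel code and not the actual patch: it models a class-specific descriptor walk over constructed USB Audio Class 2.0 descriptor bytes, with a lookup that reads bClockID without checking bLength next to one that checks it first. The buffer layout, the helper names (peek, next_cs_desc, find_clock_source_unchecked, find_clock_source_checked, run_lookup) and the instrumented reads that count rather than perform the out-of-bounds access are assumptions for illustration; the sample descriptor bytes are constructed.

```c
/* Added example, not Linux kernel code: how an unchecked bLength on a UAC2
 * clock source descriptor turns a descriptor walk into an out-of-bounds
 * read. Layout, helper names and the instrumented reads are assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define USB_DT_CS_INTERFACE   0x24 /* class-specific interface descriptor */
#define UAC2_CLOCK_SOURCE     0x0a /* bDescriptorSubtype: clock source */
#define UAC2_CLOCK_SOURCE_LEN 8    /* bLength of a complete clock source */

enum { OFF_BLENGTH = 0, OFF_BDESCTYPE = 1, OFF_BSUBTYPE = 2, OFF_BCLOCKID = 3 };

/* Descriptor buffer with instrumented reads: peek() counts accesses outside
 * [0, len). A driver would just dereference and read adjacent kernel memory. */
struct desc_buf {
    const uint8_t *data;
    size_t len;
    size_t oob_reads;
};

static uint8_t peek(struct desc_buf *b, size_t off)
{
    if (off >= b->len) {
        b->oob_reads++;
        return 0; /* stand-in for whatever byte follows the buffer */
    }
    return b->data[off];
}

/* Generic walk over {bLength, bDescriptorType, ...} records; a bLength below 2
 * or one running past the end stops it. Returns the offset of the next
 * class-specific interface descriptor with the wanted subtype, or -1.
 * Note: bLength >= 3 passes here although a clock source is 8 bytes long. */
static long next_cs_desc(struct desc_buf *b, size_t start, uint8_t subtype)
{
    for (size_t off = start; off < b->len;) {
        uint8_t blen = peek(b, off + OFF_BLENGTH);
        if (blen < 2 || off + blen > b->len)
            return -1;
        if (peek(b, off + OFF_BDESCTYPE) == USB_DT_CS_INTERFACE && blen >= 3 &&
            peek(b, off + OFF_BSUBTYPE) == subtype)
            return (long)off;
        off += blen;
    }
    return -1;
}

/* Vulnerable lookup: reads bClockID at offset 3 without checking bLength covers it. */
static long find_clock_source_unchecked(struct desc_buf *b, uint8_t clock_id)
{
    long off;
    for (size_t start = 0; (off = next_cs_desc(b, start, UAC2_CLOCK_SOURCE)) >= 0;) {
        if (peek(b, (size_t)off + OFF_BCLOCKID) == clock_id) /* BUG: may read past end */
            return off;
        start = (size_t)off + peek(b, (size_t)off + OFF_BLENGTH);
    }
    return -1;
}

/* Hardened lookup: a descriptor shorter than the structure it claims to be is
 * skipped before any field beyond its bLength is touched. */
static long find_clock_source_checked(struct desc_buf *b, uint8_t clock_id)
{
    long off;
    for (size_t start = 0; (off = next_cs_desc(b, start, UAC2_CLOCK_SOURCE)) >= 0;) {
        uint8_t blen = peek(b, (size_t)off + OFF_BLENGTH);
        if (blen >= UAC2_CLOCK_SOURCE_LEN && peek(b, (size_t)off + OFF_BCLOCKID) == clock_id)
            return off;
        start = (size_t)off + blen;
    }
    return -1;
}

/* Constructed samples. benign_desc: a well-formed set with one clock source
 * (bClockID 5). hostile_desc: the clock source is last and claims bLength 3,
 * so bClockID lies one byte past the end of the buffer. */
static const uint8_t benign_desc[] = {
    0x05, 0x24, 0x01, 0x00, 0x02,                   /* unrelated 5-byte CS descriptor */
    0x08, 0x24, 0x0a, 0x05, 0x01, 0x01, 0x00, 0x00, /* clock source, bClockID = 5 */
};
static const uint8_t hostile_desc[] = {
    0x05, 0x24, 0x01, 0x00, 0x02,
    0x03, 0x24, 0x0a,                               /* truncated clock source */
};

struct lookup_result { long off; size_t oob_reads; };

static struct lookup_result run_lookup(bool checked, const uint8_t *d, size_t n, uint8_t id)
{
    struct desc_buf b = { d, n, 0 };
    struct lookup_result r;
    r.off = checked ? find_clock_source_checked(&b, id) : find_clock_source_unchecked(&b, id);
    r.oob_reads = b.oob_reads;
    return r;
}

int main(void)
{
    struct lookup_result u = run_lookup(false, hostile_desc, sizeof hostile_desc, 5);
    struct lookup_result c = run_lookup(true, hostile_desc, sizeof hostile_desc, 5);
    printf("unchecked: found=%ld oob=%zu; checked: found=%ld oob=%zu\n",
           u.off, u.oob_reads, c.off, c.oob_reads);
    return 0;
}
```

The point the example makes is that the generic walker is not where the bug lives: it correctly refuses descriptors that would run past the buffer, but it only guarantees the 3 header bytes, so a type-specific lookup that touches deeper fields must check bLength against the size of the structure it is about to interpret. The same pattern, trusting a length or count that the device itself reported, is what the Extigy/Mbox fix addresses for bNumConfigurations.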

Based on the vulnerability descriptions, it seems likely that attackers compromised vulnerable systems by presenting them with manipulated USB hardware, for example by planting such devices on the people working with them. Since the descriptors are parsed when the device is enumerated, plugging the device in is enough; no interaction with the audio hardware is needed. It cannot be ruled out, however, that the vulnerable code is reachable in other ways. As there are no concrete details about the observed attacks, there is no way to derive how compromised systems can be identified.

Updated kernels have been available since the end of last year. IT managers should make sure that computers and other Linux-based hardware, such as NAS systems, run current kernel versions, and should apply available updates promptly.

Attackers are exploiting vulnerabilities across a range of systems. On its April Patch Tuesday, for example, Microsoft had to fix vulnerabilities in Windows that were likewise already being exploited by criminals in the wild.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.