Privilege Escalation Vulnerability in Linux Kernel Exploited in Ransomware Attacks
Summary
A high-severity privilege escalation flaw in the Linux kernel (CVE-2024-1086) is being exploited in ransomware attacks. Disclosed in January 2024, the vulnerability allows attackers with local access to escalate privileges to root level. It affects multiple major Linux distributions, including Debian, Ubuntu, Fedora, and Red Hat. The flaw was introduced in February 2014 and fixed in January 2024. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed the exploitation in ransomware campaigns and added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog in May 2024. Federal agencies were ordered to secure their systems by June 20, 2024. Mitigations include blocking 'nf_tables', restricting access to user namespaces, or loading the Linux Kernel Runtime Guard (LKRG) module.
Timeline
- 31.10.2025 15:05 · 1 article
CISA Confirms Exploitation of Linux Kernel Privilege Escalation Flaw in Ransomware Attacks
CISA confirmed on October 31, 2025, that the high-severity privilege escalation flaw in the Linux kernel (CVE-2024-1086) is being exploited in ransomware attacks. The flaw, disclosed in January 2024, allows attackers to escalate privileges to root level on compromised devices. It affects multiple major Linux distributions and was introduced in February 2014. CISA added the flaw to its Known Exploited Vulnerabilities (KEV) catalog in May 2024 and ordered federal agencies to secure their systems by June 20, 2024. Mitigations include blocking 'nf_tables', restricting access to user namespaces, or loading the Linux Kernel Runtime Guard (LKRG) module.
Sources:
- CISA: High-severity Linux flaw now exploited by ransomware gangs — www.bleepingcomputer.com — 31.10.2025 15:05
Information Snippets
- The vulnerability (CVE-2024-1086) is a use-after-free weakness in the netfilter: nf_tables kernel component.
  First reported: 31.10.2025 15:05 (1 source, 1 article)
- The flaw was introduced in February 2014 and fixed in January 2024.
- Successful exploitation allows attackers to escalate privileges to root level on compromised devices.
- The vulnerability affects Linux kernel versions 3.15 to 6.8-rc1.
- Major Linux distributions impacted include Debian, Ubuntu, Fedora, and Red Hat.
- CISA added the flaw to its Known Exploited Vulnerabilities (KEV) catalog in May 2024.
- Federal agencies were ordered to secure their systems by June 20, 2024.
- Mitigations include blocking 'nf_tables', restricting access to user namespaces, or loading the Linux Kernel Runtime Guard (LKRG) module.
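
The three mitigations listed above can be verified on a host with a short audit script. This is an added example, not taken from CISA or the cited article; the sysctl names (`kernel.unprivileged_userns_clone`, `user.max_user_namespaces`), the modprobe.d directives and the LKRG module names (`lkrg`, `p_lkrg`) are assumptions about a typical distribution setup.

```shell
#!/bin/sh
# Added example: audit the three mitigations listed for CVE-2024-1086.
# Every path is a parameter so the checks can run against a test fixture.

# nf_tables blocked via a modprobe.d "blacklist" or "install ... /bin/false" line.
nft_blocked() {
    grep -rEqs '^[[:space:]]*(blacklist[[:space:]]+nf_tables|install[[:space:]]+nf_tables[[:space:]]+/bin/(false|true))[[:space:]]*$' "${1:-/etc/modprobe.d}"
}

# nf_tables currently loaded as a module (a config entry does not unload it).
nft_loaded() { grep -qs '^nf_tables ' "${1:-/proc/modules}"; }

# Unprivileged user namespaces restricted: either sysctl reads 0.
# kernel.unprivileged_userns_clone exists only on Debian/Ubuntu kernels.
userns_restricted() {
    root=${1:-/proc/sys}
    for f in kernel/unprivileged_userns_clone user/max_user_namespaces; do
        [ -r "$root/$f" ] && [ "$(cat "$root/$f")" = "0" ] && return 0
    done
    return 1
}

# LKRG loaded: module name assumed to be lkrg (p_lkrg in older releases).
lkrg_loaded() { grep -Eqs '^(p_)?lkrg ' "${1:-/proc/modules}"; }

# Print one line per check; succeed if at least one mitigation is effective.
audit() {
    modprobe_dir=$1 sysctl_root=$2 modules=$3 active=0
    if nft_blocked "$modprobe_dir"; then
        if nft_loaded "$modules"; then echo "nf_tables: blocked in config but still loaded"
        else echo "nf_tables: blocked"; active=1; fi
    else echo "nf_tables: NOT blocked"; fi
    if userns_restricted "$sysctl_root"; then echo "userns: restricted"; active=1
    else echo "userns: unprivileged namespaces allowed"; fi
    if lkrg_loaded "$modules"; then echo "lkrg: loaded"; active=1
    else echo "lkrg: not loaded"; fi
    [ "$active" -eq 1 ]
}

# With no arguments the live system paths are used.
audit "$@" || echo "no mitigation active on this host"
```

A passing audit only reports that a mitigation is configured; installing the distribution's fixed kernel remains the actual remedy, and hosts that use nftables firewalling cannot block the module.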