June 4, 2023

The U.S. CISA adds the Linux kernel vulnerability, tracked as CVE-2021-3493, to its Known Exploited Vulnerabilities Catalog.

The CVE-2021-3493 is a Linux Kernel privilege escalation vulnerability. The overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, leads to a privilege escalation.

Advertisements

Researchers from AT&T Alien Labs discovered a new piece of stealthy Linux malware, called Shikitega, that targets endpoints and IoT devices. The Shikitega infection chain leverages two Linux vulnerabilities for privilege escalation, the CVE-2021-3493 and CVE-2021-4034 (aka PwnKit).

Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to address vulnerabilities by November 10, 2022

Tags:

Leave a Reply

You may have missed

Cisco buys Armorblox

Cisco buys Armorblox

June 3, 2023
CISA KEV Update Part I – May 2023

CISA KEV Update Part I – May 2023

June 3, 2023
Gigabyte Motherboards Backdoor’ed

Gigabyte Motherboards Backdoor’ed

June 3, 2023
MOVEit Vulnerability Exploited in Wild

MOVEit Vulnerability Exploited in Wild

June 2, 2023
CasePoint Suffers a Data Breach

CasePoint Suffers a Data Breach

June 2, 2023
CyberArk Identity Security Web Browser

CyberArk Identity Security Web Browser

June 1, 2023
%d bloggers like this: