CISA adds Two Linux Kernel bugs to KEV Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) has added two critical Linux kernel vulnerabilities, CVE-2024-53150 and CVE-2024-53197, to its Known Exploited Vulnerabilities (KEV) Catalog. These vulnerabilities are actively exploited in the wild and pose significant risks to affected systems.

CVE-2024-53150: Linux Kernel Out-of-Bounds Read Vulnerability

  • Type: Information Disclosure.
  • Description:
      • This vulnerability is caused by an out-of-bounds read in the Linux kernel, specifically affecting Android systems.
      • It allows local attackers to access sensitive data from kernel memory without requiring user interaction.
      • Exploitation can lead to the exposure of encryption keys, credentials, or other sensitive information.
  • Impact:
      • Enables attackers to leak memory content from kernel space to user space, making it a stealthy and effective tool for surveillance or data exfiltration.
  • Mitigation:
      • Google’s April 2025 Android security update includes patches for this vulnerability.
      • Organizations should apply the latest kernel updates and monitor systems for signs of compromise.

CVE-2024-53197: Linux Kernel Out-of-Bounds Access Vulnerability

  • Type: Local Privilege Escalation.
  • Description:
      • This vulnerability is an out-of-bounds access bug in the USB-audio driver for ALSA (Advanced Linux Sound Architecture) devices in the Linux kernel.
      • Exploitation allows attackers to escalate privileges locally by connecting a malicious USB device.
  • Impact:
      • Grants attackers elevated privileges, enabling them to compromise Android systems connected to USB devices.
      • Part of a sophisticated zero-day exploit chain used to unlock confiscated Android devices.
  • Mitigation:
      • Apply Google’s April 2025 Android security update, which addresses this vulnerability.
      • Disable USB device access on sensitive systems where possible and monitor for unusual USB activity.

Exploitation Context

  • These vulnerabilities are part of a zero-day exploit chain allegedly developed by Cellebrite, a digital forensics vendor, and used by Serbian law enforcement to unlock confiscated Android devices.
  • The exploit chain includes other vulnerabilities, such as:
      • CVE-2024-53104: USB Video Class zero-day (patched in February 2025).
      • CVE-2024-50302: Human Interface Device (HID) zero-day (patched in March 2025).

CISA Recommendations

Patch Systems:

  • Federal Civilian Executive Branch (FCEB) agencies are required to patch systems affected by these vulnerabilities by April 30, 2025, under Binding Operational Directive (BOD) 22-01.
  • All organizations are strongly urged to prioritize remediation as part of their vulnerability management practices.

Monitor for Exploitation:

  • Deploy advanced monitoring tools to detect unauthorized access or unusual activity related to USB devices and kernel memory.

Enhance Security Posture:

  • Implement endpoint protection solutions and restrict USB device access on critical systems.
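Both the CVE-2024-53197 mitigation above and CISA's monitoring recommendation come down to noticing USB devices that should not be attaching to a sensitive host. As an added example that is not part of the advisory, the Python below parses dmesg-style lines, records each attached device, notes when the snd-usb-audio module was loaded on demand right after an attach, and flags devices outside a site allowlist; the sample log lines, vendor/product IDs and allowlist are constructed.

```python
import re
# Constructed sample dmesg lines in usbcore / module-load format, not from the advisory.
SAMPLE_LOG = """\
[  120.401] usb 1-1: new full-speed USB device number 3 using xhci_hcd
[  120.552] usb 1-1: New USB device found, idVendor=046d, idProduct=0a44, bcdDevice= 1.00
[  120.553] usb 1-1: Product: Example Headset
[  120.601] usbcore: registered new interface driver snd-usb-audio
[  300.010] usb 1-2: new high-speed USB device number 4 using xhci_hcd
[  300.120] usb 1-2: New USB device found, idVendor=0781, idProduct=5583, bcdDevice= 1.00
[  300.121] usb 1-2: Product: Ultra Fit
"""

NEW_DEV = re.compile(r"usb (?P<port>[\d.-]+): New USB device found, "
                     r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
PRODUCT = re.compile(r"usb (?P<port>[\d.-]+): Product: (?P<name>.+)$")
AUDIO_MODULE = re.compile(r"registered new interface driver snd-usb-audio")


def parse_usb_events(log_text):
    """One dict per attached device, in log order. audio_driver_loaded is set when
    the snd-usb-audio registration message follows the attach; the kernel prints it
    only on first module load, so an on-demand load right after an attach is telling."""
    events = []
    for line in log_text.splitlines():
        m = NEW_DEV.search(line)
        if m:
            events.append({"port": m["port"], "id": f"{m['vid']}:{m['pid']}",
                           "product": "", "audio_driver_loaded": False})
            continue
        m = PRODUCT.search(line)
        if m and events and events[-1]["port"] == m["port"]:
            events[-1]["product"] = m["name"]
        elif AUDIO_MODULE.search(line) and events:
            events[-1]["audio_driver_loaded"] = True
    return events


def usb_alerts(events, allowed_ids):
    """Flag devices outside the allowlist and any attach that pulled in the USB-audio
    driver; both deserve a look on a host that should not see new USB devices."""
    alerts = []
    for ev in events:
        reasons = []
        if ev["id"] not in allowed_ids:
            reasons.append("not on allowlist")
        if ev["audio_driver_loaded"]:
            reasons.append("snd-usb-audio loaded after attach")
        if reasons:
            alerts.append((ev["port"], ev["id"], ev["product"], reasons))
    return alerts
```

Calling `usb_alerts(parse_usb_events(SAMPLE_LOG), {"0781:5583"})` flags only the headset on port 1-1; because the kernel logs the module registration just once, a device that binds an already-loaded snd-usb-audio is visible only through sysfs or udev, which is why the allowlist check runs alongside it.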
