CISA Urges Federal Agencies to Patch Critical Linux Kernel Vulnerability
Bleeping Computer
|
Contributed by: Drex DeFord
Summary
CISA has directed federal agencies to address a serious vulnerability in the Linux kernel, known as CVE-2024-53104, which is actively being exploited. Originating from an out-of-bounds write issue in the USB Video Class driver, this flaw allows for privilege escalation on unpatched devices. Google has released a patch for Android users, but the vulnerability requires immediate attention from federal agencies, as it falls under the November 2021 Binding Operational Directive that mandates securing networks against such risks. The deadline for compliance is set at three weeks.
