A naukri.com initiative
Securityaffairs
3w
61
Image Credit: Securityaffairs
U.S. CISA adds Linux Kernel flaw to its Known Exploited Vulnerabilities catalog
- U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Linux Kernel vulnerability to its Known Exploited Vulnerabilities catalog.
- The specific vulnerability is the Google Chromium V8 Out-of-Bounds Read and Write Vulnerability, tracked as CVE-2023-0386.
- CVE-2023-0386 has a CVSS score of 7.8 and is an improper ownership vulnerability that can escalate privileges on vulnerable systems.
- The flaw in the Linux kernel allows unauthorized access to the execution of setuid files with capabilities.
- CISA advises addressing the identified vulnerabilities to protect networks against attacks exploiting the flaws in the catalog.
- Federal agencies are mandated to fix these vulnerabilities by July 8, 2025, as per Binding Operational Directive 22-01.
- Private organizations are also encouraged to review the Catalog and address vulnerabilities in their infrastructure.
- CISA's directive aims to reduce significant risks from known exploited vulnerabilities.
- To stay updated on security news, follow @securityaffairs on Twitter, Facebook, and Mastodon.
- Author: Pierluigi Paganini
Read Full Article
3 Likes
For uninterrupted reading, download the app