A security threat has surfaced on dark web forums: a zero-day exploit targeting a use-after-free (UAF) vulnerability in the Linux Kernel, specifically version 6.6.15-amd64. This use-after-free vulnerability, advertised for sale by an actor known as Cas, promises capabilities that include privileged code execution and potential access to sensitive data. According to the post, which has garnered attention from cybersecurity communities, the Linux Kernel vulnerability exploit is being offered for $150,000 in either Monero or Bitcoin. The threat actor Cas has specified that interested buyers must demonstrate proof of sufficient funds before any transaction can proceed, highlighting the illicit nature and high stakes of such transactions.

Use-After-Free Vulnerability Targets Linux Kernel

[caption id="attachment_78815" align="alignnone" width="1553"] Source: Dark Web[/caption] The Linux Kernel vulnerability, if successfully deployed, could allow malicious actors to escalate their privileges locally within affected systems, potentially executing code with root-level permissions. This type of vulnerability poses severe risks to both individual users and organizations relying on Linux-based systems. Selling Oday Use-after free in the Linux Kernel, you can use it to do a Privileged Code Execution (LPE (Local Privilege Escalation), or execute code with root privileges), (Data Leakage )..etc Affected version: 6.6.15-amd64. Environment arch: 64-bit and Price: 150k Monero & BTC", reads the threat actor post. Moderators on these forums have highlighted another individual, known as IntelBroker, who claims to have verified the proof-of-concept (PoC) behind the exploit privately. This endorsement adds credibility to Cas's offer, despite the lack of publicly available evidence.

Previous Instances and Industry Impact

Earlier, cybersecurity firm Rewterz reported a similar instance involving CVE-2024-36886, where a use-after-free flaw in the Linux Kernel (version 4.1) could be exploited by remote attackers to execute arbitrary code. This use-after-free vulnerability, triggered by fragmented TIPC messages, highlights ongoing challenges in securing Linux environments against sophisticated exploits. A use-after-free (UAF) vulnerability occurs when a program continues to access memory that has already been deallocated. This issue arises when dynamic memory allocation, typically managed by functions like free() in languages such as C or C++, is mishandled.  The program may inadvertently reference this freed memory, leading to unpredictable behavior such as crashes or security vulnerabilities. Exploitation of UAF vulnerabilities can allow attackers to manipulate the program's behavior, potentially executing arbitrary code or escalating privilege Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Check Point has issued an alert regarding a critical zero-day vulnerability identified in its Network Security gateway products. As per the Check Point warning This vulnerability, tracked as CVE-2024-24919 with a CVSS score of 8.6, has been actively exploited by threat actors in the wild. The affected products include CloudGuard Network, Quantum Maestro, Quantum Scalable […]

The post Check Point Warning: VPN Gateway Products’ Zero-Day Attack appeared first on TuxCare.

The post Check Point Warning: VPN Gateway Products’ Zero-Day Attack appeared first on Security Boulevard.