Cybersecurity Alert: Exploitation of Older Linux Kernel Vulnerabilities

Thu 10th Apr, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the exploitation of older security vulnerabilities within the Linux kernel. Administrators of systems running outdated kernels are urged to upgrade to the latest versions promptly.

In its advisory, CISA has highlighted specific CVE entries related to the vulnerabilities that are being actively targeted. However, details about the nature and extent of these attacks remain sparse, leaving questions about the intentions of the attackers and the impact on affected systems.

The vulnerabilities in question are associated with the Advanced Linux Sound Architecture (ALSA) audio code. In late December, Linux developers addressed potential memory access violations related to ALSA USB support for Extigy and Mbox devices. Prior to the fix, compromised devices could return manipulated values, leading to memory access violations during the execution of functions like usb_destroy_configuration, potentially allowing the execution of arbitrary code (CVE-2024-53197, no CVSS score available).

The second vulnerability identified is also within the ALSA stack. It pertains to out-of-bounds reads when searching for clock sources, caused by the USB audio driver failing to validate the bLength field in clock descriptors. Here too, manipulated devices could pass values that trigger this vulnerability (CVE-2024-53150, CVSS 7.8, categorized as high risk). This vulnerability was also patched across various kernel versions around the same time.
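The class of check described above, as an added example: this is a simplified user-space model, not the kernel's code or its patch. The function name and sample bytes are constructed for illustration; the 8-byte size and 0x0a subtype follow the USB Audio Class 2.0 clock source descriptor layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DT_CS_INTERFACE   0x24 /* class-specific interface descriptor type */
#define UAC2_CLOCK_SOURCE 0x0a /* UAC2 clock source subtype */
#define CLOCK_SOURCE_LEN  8    /* size of a UAC2 clock source descriptor */
#define OFF_SUBTYPE       2    /* bDescriptorSubtype */
#define OFF_CLOCK_ID      3    /* bClockID */

/* Constructed sample: a 4-byte descriptor followed by a full clock source. */
static const uint8_t sample_ok[] = {
    4, 0x24, 0x01, 0x00,
    8, 0x24, 0x0a, 0x29, 0x03, 0x07, 0x00, 0x00,
};
/* Constructed sample: device claims a clock source but sends only 3 bytes. */
static const uint8_t sample_short[] = { 3, 0x24, 0x0a };

/* Hypothetical helper: offset of the clock source with clock_id, or -1. */
long find_clock_source(const uint8_t *buf, size_t len, uint8_t clock_id)
{
    size_t off = 0;

    while (len - off >= 2) {
        uint8_t blen = buf[off];

        /* bLength must cover its own header and stay inside the buffer. */
        if (blen < 2 || blen > len - off)
            return -1;
        /* Read type-specific fields only once bLength proves they exist;
         * without the length test, bClockID of sample_short lies past
         * the end of the buffer. */
        if (buf[off + 1] == DT_CS_INTERFACE && blen >= CLOCK_SOURCE_LEN &&
            buf[off + OFF_SUBTYPE] == UAC2_CLOCK_SOURCE &&
            buf[off + OFF_CLOCK_ID] == clock_id)
            return (long)off;
        off += blen;
    }
    return -1;
}

int main(void)
{
    printf("ok: %ld\n", find_clock_source(sample_ok, sizeof(sample_ok), 0x29));
    printf("short: %ld\n", find_clock_source(sample_short, sizeof(sample_short), 0));
    return 0;
}
```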

Given the nature of these vulnerabilities, it is plausible that attackers may have gained control over vulnerable systems by introducing compromised USB hardware to users. However, it cannot be ruled out that the vulnerable code could be exploited through other methods. The lack of concrete information regarding the observed attacks means that identifying compromised systems remains a challenge.

Updated kernel versions have been available since late last year. IT administrators are strongly advised to ensure that all systems and hardware running Linux kernels, including Network Attached Storage (NAS) systems, are operating with the most current kernel versions and that pending updates are applied without delay.

In related news, security vulnerabilities are being exploited across various systems. Recently, Microsoft issued patches for vulnerabilities in its Windows operating systems, which have also been targeted by cybercriminals.

