Linux kernel: Attackers target older security vulnerabilities
The US IT security authority CISA warns of attacks on older security vulnerabilities in the Linux kernel.
Attackers are targeting vulnerabilities in the Linux kernel and actively abusing them. The US IT security authority CISA is currently warning of this. Anyone still using an older kernel should update to the latest version as soon as possible.
In its notification, CISA mentions only the CVE entries of the attacked vulnerabilities. Information on the attacks themselves is completely missing. The scope of the attacks and the target of the malicious actors are therefore unclear.
Both vulnerabilities are in the ALSA audio code. At the end of December, Linux developers fixed potential accesses outside the designated memory areas in the ALSA USB support for Extigy and Mbox devices. Manipulated devices could return manipulated values whose further use leads to such out-of-bounds memory accesses, for example when the usb_destroy_configuration function is executed, and apparently to the execution of injected code (CVE-2024-53197, no CVSS).
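The bug class described above, as an added example that is not from the article or the kernel source: a simplified user-space C model in which a device reports a larger count on a second descriptor read than the one its array was sized from. It assumes the manipulated value is the USB device descriptor's `bNumConfigurations` field; the struct and function names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

struct dev_desc { uint8_t bNumConfigurations; }; /* model; names illustrative */
struct usb_dev {
    struct dev_desc descriptor; /* last descriptor accepted from the device */
    size_t allocated;           /* entries actually allocated in config[] */
    int *config;                /* sized once, from the first descriptor */
};

/* Enumeration: size config[] from the count the device first reports. */
int dev_enumerate(struct usb_dev *d, uint8_t first_count)
{
    d->descriptor.bNumConfigurations = first_count;
    d->allocated = first_count;
    d->config = calloc(first_count ? first_count : 1, sizeof(*d->config));
    return d->config ? 0 : -1;
}

/* Unsafe pattern: trust the re-read descriptor and overwrite the old one. */
void reread_unchecked(struct usb_dev *d, const struct dev_desc *fresh)
{ d->descriptor = *fresh; }

/* Hardened pattern: refuse a count larger than the one used for allocation. */
int reread_checked(struct usb_dev *d, const struct dev_desc *fresh)
{
    if (fresh->bNumConfigurations > d->allocated) return -1;
    d->descriptor = *fresh;
    return 0;
}

/* Entries beyond config[] a teardown loop bounded by the stored count hits. */
size_t teardown_overrun(const struct usb_dev *d)
{
    size_t n = d->descriptor.bNumConfigurations;
    return n > d->allocated ? n - d->allocated : 0;
}

int main(void)
{
    struct usb_dev d;
    struct dev_desc fresh = { 8 }; /* constructed: device now claims 8 */
    if (dev_enumerate(&d, 1) != 0) return 1;
    printf("checked rc=%d\n", reread_checked(&d, &fresh));
    reread_unchecked(&d, &fresh);
    printf("unchecked overrun=%zu\n", teardown_overrun(&d));
    free(d.config);
    return 0;
}
```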
