CISA orders agencies to patch Linux kernel bug exploited in attacks

Summary: CISA has ordered U.S. federal agencies to patch a high-severity Linux kernel vulnerability (CVE-2024-53104) within three weeks because it is being actively exploited. The flaw is an out-of-bounds write in the USB Video Class (uvcvideo) driver that lets a local attacker escalate privileges on unpatched devices. Agencies must patch by February 26, 2025.

Affected: U.S. Federal Agencies, Linux and Android devices

Key points:

  • CVE-2024-53104 affects Linux kernels since 2.6.26 (when the uvcvideo driver was merged) and is being exploited in the wild.
  • The flaw is an out-of-bounds write in the USB Video Class driver, triggered when uvc_parse_format() parses frame descriptors of type UVC_VS_UNDEFINED presented by a connected USB device; it enables privilege escalation with no additional execution privileges needed.
  • CISA added the bug to its Known Exploited Vulnerabilities catalog and, under BOD 22-01, gave federal agencies three weeks to patch their systems.
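
The article says only "patch"; what an administrator needs first is a way to tell whether a given host is exposed. The script below is an added example, not code from the article or from CISA: it checks whether uvcvideo is loaded or built in and compares the running kernel against a fixed version that you supply as the first argument, because the article names no fixed version and the correct one depends on your distribution's kernel branch. The kver_ge helper, the fixed-version argument and the verdict strings are all this example's own choices.

```shell
#!/bin/sh
# Exposure check for CVE-2024-53104 (added example, not from the article).
# Assumption: you know the fixed kernel version for your distro's branch and
# pass it as $1; the article itself gives no fixed version.

# kver_ge A B: succeed (return 0) if dotted kernel version A >= B.
# Strips suffixes such as "-generic" or "-122" before comparing up to
# three numeric components (major.minor.patch).
kver_ge() {
    a=$(printf '%s' "$1" | sed 's/[^0-9.].*//')
    b=$(printf '%s' "$2" | sed 's/[^0-9.].*//')
    i=1
    while [ "$i" -le 3 ]; do
        # Trailing dot guarantees a delimiter so cut never echoes the whole line.
        x=$(printf '%s.' "$a" | cut -d. -f"$i")
        y=$(printf '%s.' "$b" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# uvc_present: succeed if uvcvideo is loaded as a module or compiled into
# the running kernel (the affected code path is reached either way).
uvc_present() {
    grep -q '^uvcvideo ' /proc/modules 2>/dev/null && return 0
    grep -q 'uvcvideo' "/lib/modules/$(uname -r)/modules.builtin" 2>/dev/null && return 0
    return 1
}

# check_exposure FIXED_VERSION: print a verdict; exit status 2 means exposed.
check_exposure() {
    fixed="$1"
    running=$(uname -r)
    if ! uvc_present; then
        echo "uvcvideo not loaded or built in on $running: not currently exposed" \
             "(the module can still autoload when a webcam is plugged in)"
        return 0
    fi
    if kver_ge "$running" "$fixed"; then
        echo "kernel $running >= $fixed with uvcvideo present: patched"
        return 0
    fi
    echo "kernel $running < $fixed with uvcvideo present: EXPOSED"
    return 2
}

# Usage: sh check_uvc.sh <fixed-kernel-version>
if [ -n "$1" ]; then
    check_exposure "$1"
fi
```

Two caveats apply. Distributions such as RHEL and Ubuntu backport kernel fixes without changing the upstream version string, so on those systems confirm the fix through the package changelog or the vendor advisory rather than trusting the version comparison alone. Until a patched kernel is installed, a host that never needs a USB camera can stop the driver from being reached by blacklisting it, for example with the line `install uvcvideo /bin/false` in a file under /etc/modprobe.d/, then unloading it with `modprobe -r uvcvideo`; this does nothing for kernels that compile uvcvideo in.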

Source: https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-patch-linux-kernel-bug-exploited-in-attacks/