Saved February 14, 2026
Do you care about this?
CISA confirmed that a serious vulnerability in the Linux kernel, CVE-2024-1086, is being actively exploited in ransomware attacks. This flaw allows local attackers to escalate their privileges, potentially gaining root access and compromising entire systems. Federal agencies must secure their systems by June 20, 2024, or implement specific mitigations.
If you do, here's more
CISA confirmed a high-severity privilege escalation flaw in the Linux kernel, tracked as CVE-2024-1086, is actively being exploited in ransomware attacks. This vulnerability, a use-after-free issue in the netfilter: nf_tables component, was disclosed on January 31, 2024, and patched shortly after. However, it originates from a commit made in February 2014. Attackers with local access can exploit this flaw to gain root-level control over affected systems, which allows them to disable security measures, modify files, or install malware.
The flaw affects numerous major Linux distributions, including Debian, Ubuntu, Fedora, and Red Hat, covering kernel versions from 3.15 to 6.8-rc1. In late March 2024, a researcher named 'Notselwyn' published proof-of-concept exploit code for this vulnerability on GitHub, demonstrating local privilege escalation on kernel versions between 5.14 and 6.6. CISA added CVE-2024-1086 to its Known Exploited Vulnerabilities catalog in May 2024, requiring federal agencies to secure their systems by June 20, 2024.
To mitigate risks, CISA recommends several actions for IT administrators if patching isn't feasible. These include blocklisting 'nf_tables' if it's not in use, restricting access to user namespaces, and loading the Linux Kernel Runtime Guard (LKRG) module, although the latter may lead to system instability. CISA emphasized the importance of addressing such vulnerabilities, as they are frequent targets for cybercriminals, posing significant risks to both government and enterprise environments.
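One way to check a host against the mitigations listed above, as an added example that is not from CISA or the article. The `/proc/sys` paths, the modprobe.d patterns and the LKRG module name `lkrg` are assumptions about a typical distribution layout, and the version test uses only the article's upstream range, so it cannot see a distribution's backported fix.

```shell
#!/bin/sh
# Added example: CVE-2024-1086 exposure and mitigation audit (sh audit.sh --run).
# Article's affected range: 3.15 to 6.8-rc1. Upstream numbering only; a
# distro kernel inside the range may already carry a backported fix.
kernel_in_range() {
    v=${1%%-*}; major=${v%%.*}; rest=${v#*.}; minor=${rest%%.*}
    n=$((major * 1000 + ${minor%%[!0-9]*}))
    [ "$n" -ge 3015 ] || return 1
    [ "$n" -le 6007 ] && return 0
    [ "$n" -eq 6008 ] || return 1
    case $1 in *-rc1*) return 0 ;; esac
    return 1
}

# module_loaded NAME FILE: NAME appears in a /proc/modules-format file.
module_loaded() { grep -q "^$1 " "$2" 2>/dev/null; }

# module_blocked NAME DIR: "blacklist" stops alias autoloading only;
# "install NAME /bin/false" also stops explicit modprobe requests.
module_blocked() {
    ws='[[:space:]]'
    grep -Eqs "^$ws*(blacklist$ws+$1|install$ws+$1$ws+/bin/(false|true))$ws*\$" "$2"/*.conf
}

# userns_restricted ROOT: kernel.unprivileged_userns_clone is a Debian/Ubuntu
# knob; user.max_user_namespaces is the upstream one. Either set to 0 counts.
userns_restricted() {
    clone=$(cat "$1/proc/sys/kernel/unprivileged_userns_clone" 2>/dev/null || true)
    max=$(cat "$1/proc/sys/user/max_user_namespaces" 2>/dev/null || true)
    [ "$clone" = 0 ] || [ "$max" = 0 ]
}

# audit_host KERNEL_RELEASE [ROOT]: prints findings; status = number of RISK lines.
audit_host() {
    rel=$1; root=${2:-}; findings=0
    if ! kernel_in_range "$rel"; then echo "OK: $rel outside range"; return 0; fi
    if module_loaded nf_tables "$root/proc/modules"; then
        echo "RISK: nf_tables is loaded"; findings=$((findings + 1))
    elif ! module_blocked nf_tables "$root/etc/modprobe.d"; then
        echo "RISK: nf_tables can still be loaded"; findings=$((findings + 1))
    fi
    if ! userns_restricted "$root"; then
        echo "RISK: unprivileged user namespaces enabled"; findings=$((findings + 1))
    fi
    # Assumption: LKRG's module is named "lkrg" (older builds: "p_lkrg").
    module_loaded lkrg "$root/proc/modules" || echo "INFO: LKRG not loaded"
    return "$findings"
}

if [ "${1:-}" = "--run" ]; then audit_host "$(uname -r)"; fi
```

The optional ROOT argument points the audit at a copied or mounted filesystem tree instead of the live host.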