CISA Mandates Federal Agencies to Address Linux Kernel Vulnerability

February 5, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has instructed federal agencies to fortify their systems against a high-risk Linux kernel flaw, known as CVE-2024-53104, within a three-week timeframe. This vulnerability is currently being actively exploited in cyberattacks.

The CVE-2024-53104 flaw was first identified in version 2.6.26 of the kernel, and Google recently issued a patch for Android users. The Android February 2025 security updates warn: "There are indications that CVE-2024-53104 may be under limited, targeted exploitation."

The vulnerability results from an out-of-bounds write weakness in the USB Video Class (UVC) driver that allows 'physical escalation of privilege with no additional execution privileges needed' on devices that have not been patched. The problem arises when the driver fails to parse UVC_VS_UNDEFINED frames accurately within the uvc_parse_format function, which causes the frame buffer size to be calculated incorrectly and can result in out-of-bounds writes.
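The size mismatch described above can be shown with a simplified model. This is an added illustration, not kernel code and not from the advisory. It assumes the frame array is sized in one pass and filled in a second; the 3-byte descriptors, function names and the strict flag are hypothetical.

```c
#include <stdio.h>

/* Toy 3-byte descriptors: {bLength, bDescriptorType, bDescriptorSubtype}. */
enum { CS_INTERFACE = 0x24, VS_UNDEFINED = 0, VS_FRAME_UNCOMP = 5, VS_FRAME_MJPEG = 7 };

/* Pass 1: size the frame array by counting known frame subtypes only. */
static size_t count_frames(const unsigned char *d, size_t len)
{
    size_t n = 0;
    for (; len >= 3 && d[0] >= 3 && d[0] <= len; len -= d[0], d += d[0])
        if (d[1] == CS_INTERFACE &&
            (d[2] == VS_FRAME_UNCOMP || d[2] == VS_FRAME_MJPEG))
            n++;
    return n;
}

/* Pass 2: count the frame slots that would be written for descriptors of
 * subtype ftype (VS_UNDEFINED if the format has none); strict rejects it. */
static size_t parse_frames(const unsigned char *d, size_t len,
                           unsigned char ftype, int strict)
{
    size_t stored = 0;
    if (strict && ftype == VS_UNDEFINED)
        return 0;
    while (len >= 3 && d[0] >= 3 && d[0] <= len &&
           d[1] == CS_INTERFACE && d[2] == ftype) {
        stored++;                 /* a driver would fill one frame slot here */
        len -= d[0]; d += d[0];
    }
    return stored;
}

/* Slots written past the pass-1 allocation; 0 means in bounds. */
static size_t overrun(const unsigned char *d, size_t len,
                      unsigned char ftype, int strict)
{
    size_t alloc = count_frames(d, len), used = parse_frames(d, len, ftype, strict);
    return used > alloc ? used - alloc : 0;
}

/* Constructed sample: two descriptors of subtype VS_UNDEFINED. */
static const unsigned char SAMPLE[] = { 3, CS_INTERFACE, VS_UNDEFINED,
                                        3, CS_INTERFACE, VS_UNDEFINED };

int main(void)
{
    printf("lenient: %zu past allocation\n", overrun(SAMPLE, sizeof SAMPLE, VS_UNDEFINED, 0));
    printf("strict:  %zu past allocation\n", overrun(SAMPLE, sizeof SAMPLE, VS_UNDEFINED, 1));
}
```

In the lenient mode the two passes disagree about what counts as a frame, so the second pass fills slots the first never allocated; the strict mode keeps them consistent by never treating the undefined subtype as a frame type.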

The GrapheneOS development team has suggested that this vulnerability in the USB peripheral driver is likely being exploited by forensic data extraction tools, although Google has not provided further information on the zero-day attacks exploiting this vulnerability.

In line with the Binding Operational Directive (BOD) 22-01 issued in November 2021, U.S. federal agencies are required to protect their networks from ongoing attacks targeting flaws included in CISA's Known Exploited Vulnerabilities catalog. CISA has set a deadline of February 26 for Federal Civilian Executive Branch (FCEB) agencies to patch their Linux and Android devices. CISA has warned that these vulnerabilities are commonly exploited by malicious cyber actors and pose serious risks to the federal enterprise.

On Tuesday, CISA also flagged high-risk and critical vulnerabilities in Microsoft .NET Framework and Apache OFBiz (Open For Business) software as being actively exploited. However, details regarding the threat actors behind these attacks were not provided.

In collaboration with Five Eyes cybersecurity agencies in the UK, Australia, Canada, New Zealand, and the U.S., CISA also shared security guidance for network edge devices. The agencies urged manufacturers to enhance forensic visibility to enable defenders to detect attacks and investigate breaches more effectively.
