
Multiple Linux Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-45751 CVSS:7.4

Linux target framework (tgt) could allow a remote attacker to bypass security restrictions, caused by the use of a cryptographically insecure random number generator for CHAP authentication. By utilizing replay attack techniques, an attacker could exploit this vulnerability to bypass CHAP authentication to modify the iSCSI target.
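Why challenge quality matters for CHAP, as an added example that is not tgt's code or part of the original advisory: a target that draws its identifier and challenge from a reseeded non-cryptographic PRNG issues the same challenge again, so an old response verifies, while a CSPRNG-backed target rejects it. The class names, the secret and the seed are constructed for illustration, and the weak generator is an assumed pattern, not the actual tgt implementation.

```python
import hashlib
import hmac
import random
import secrets

SECRET = b"constructed-chap-secret"   # constructed sample value
SEED = 1727395200                     # constructed, guessable seed (a timestamp)


def chap_response(ident, secret, challenge):
    """CHAP response per RFC 1994: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class WeakSource:
    """Assumed weak pattern: non-cryptographic PRNG with a repeatable seed."""

    def __init__(self, seed):
        self._rng = random.Random(seed)

    def next(self):
        ident = self._rng.randrange(256)
        return ident, self._rng.getrandbits(128).to_bytes(16, "big")


class StrongSource:
    """Hardened pattern: identifier and challenge come from the OS CSPRNG."""

    def next(self):
        return secrets.randbelow(256), secrets.token_bytes(16)


def target_accepts(source, response):
    """Target side: issue a fresh challenge, then verify the offered response."""
    ident, challenge = source.next()
    expected = chap_response(ident, SECRET, challenge)
    return hmac.compare_digest(expected, response)


def old_response_still_valid(make_source):
    """Record one legitimate exchange, then offer its response to a restarted target."""
    ident, challenge = make_source().next()              # session 1 challenge
    recorded = chap_response(ident, SECRET, challenge)   # initiator's valid answer
    return target_accepts(make_source(), recorded)       # session 2 after restart


if __name__ == "__main__":
    print("weak source accepts old response:  ", old_response_still_valid(lambda: WeakSource(SEED)))
    print("strong source accepts old response:", old_response_still_valid(StrongSource))
```

The same function works as a regression check for any challenge generator: it should return False for every source a target is allowed to use.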

CVE-2024-43102 CVSS:5.5

Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in umtx. A local authenticated attacker could exploit this vulnerability to cause a denial of service.

Impact

  • Security Bypass
  • Denial of Service

Indicators of Compromise

CVE

  • CVE-2024-45751
  • CVE-2024-43102

Affected Vendors

Linux

Affected Products

  • Linux target framework (tgt) 1.0.92
  • FreeBSD FreeBSD - 14.1-RELEASE

Remediation

Upgrade to the latest version of Linux, available from the Git repository.

CVE-2024-45751

CVE-2024-43102

CVE-2024-44974

CVE-2024-41096