Red Hat Enterprise Linux
The critical use-after-free vulnerability in the Linux kernel, designated CVE-2024-36904, has significant implications for Red Hat Enterprise Linux and its derivatives. The flaw went undetected for seven years and affects the TCP subsystem, enabling remote code execution with kernel privileges. Security researchers revealed it through a public PoC exploit, which raises alarm, as it bypasses kernel defenses under specific conditions. Enterprises deploying Red Hat and related systems are at risk of complete system compromise, endangering the integrity and confidentiality of their operations. Immediate patching has been advised to mitigate the risk; a patch was released in July 2024. The vulnerability highlights the need for continual vigilance in cybersecurity and underscores the latent threats residing in long-standing systems.
Source: https://cybersecuritynews.com/use-after-free-linux-kernel-vulnerability/
"id": "red318031825",
"linkid": "red-hat",
"type": "Vulnerability",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"