CISA confirmed on Thursday that a high-severity privilege escalation flaw in the Linux kernel is now being exploited in ransomware attacks.

While the vulnerability (tracked as CVE-2024–1086) was disclosed on January 31, 2024, as a use-after-free weakness in the netfilter: nf_tables kernel component and was fixed via a commit submitted in January 2024, it was first introduced by a decade-old commit in February 2014.

Successful exploitation enables attackers with local access to escalate privileges on the target system, potentially resulting in root-level access to compromised devices.