cisa.gov alerts

CISA Adds Two Known Exploited Vulnerabilities to Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities that are being actively exploited by malicious cyber actors to its Known Exploited Vulnerabilities Catalog. CVE-2024-53197 is a Linux Kernel Out-of-Bounds Access Vulnerability and CVE-2024-53150 is a Linux Kernel Out-of-Bounds Read Vulnerability. These types of vulnerabilities are common attack vectors and pose significant risks to the federal enterprise.

The Known Exploited Vulnerabilities Catalog was established by Binding Operational Directive (BOD) 22-01 to reduce the risk of known vulnerabilities to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the specified due date to protect their networks against active threats. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to prioritize timely remediation of Catalog vulnerabilities as part of their vulnerability management practice.

CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. The Catalog is a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. FCEB agencies must remediate identified vulnerabilities by the due date to comply with BOD 22-01. CISA's goal is to reduce the risk of cyberattacks by promoting timely remediation of Catalog vulnerabilities.