CVE-2024-0193
Kernel: netfilter: use-after-free in nft_trans_gc_catchall_sync leads to privilege escalation
Descriptions
A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system.
SSVC
- Decision: Attend
Timeline
- 2024-01-02 CVE Reserved
- 2024-01-02 CVE Published
- 2024-02-29 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
References (8)
URL | Date |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2255653 | 2024-07-09 |
https://access.redhat.com/errata/RHSA-2024:1018 | 2024-07-09 |
https://access.redhat.com/errata/RHSA-2024:1019 | 2024-07-09 |
https://access.redhat.com/errata/RHSA-2024:1248 | 2024-07-09 |
https://access.redhat.com/errata/RHSA-2024:2094 | 2024-07-09 |
https://access.redhat.com/errata/RHSA-2024:4412 | 2024-07-09 |
https://access.redhat.com/errata/RHSA-2024:4415 | 2024-07-09 |
https://access.redhat.com/security/cve/CVE-2024-0193 | 2024-07-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | - | - | Affected |
Redhat | Enterprise Linux | 9.0 | - | Affected |