CVE-2024-1086
Linux Kernel Use-After-Free Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
9Exploited in Wild
YesDecision
Descriptions
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.
The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.
We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Una vulnerabilidad de use after free en el componente netfilter: nf_tables del kernel de Linux puede explotarse para lograr una escalada de privilegios local. La función nft_verdict_init() permite valores positivos como error de eliminación dentro del veredicto del gancho y, por lo tanto, la función nf_hook_slow() puede causar una vulnerabilidad double free cuando NF_DROP se emite con un error de eliminación similar a NF_ACCEPT. Recomendamos actualizar después del compromiso f342de4e2f33e0e39165d8639387aa6c19dff660.
A flaw was found in the Netfilter subsystem in the Linux kernel. This issue occurs in the nft_verdict_init() function, allowing positive values as a drop error within the hook verdict, therefore, the nf_hook_slow() function can cause a double-free vulnerability when NF_DROP is issued with a drop error that resembles NF_ACCEPT. The nf_tables component can be exploited to achieve local privilege escalation.
Linux kernel contains a use-after-free vulnerability in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation.
CVSS Scores
SSVC
- Decision:Act
Timeline
- 2024-01-30 CVE Reserved
- 2024-01-31 CVE Published
- 2024-04-07 First Exploit
- 2024-05-30 Exploited in Wild
- 2024-06-20 KEV Due Date
- 2024-08-01 CVE Updated
- 2024-08-15 EPSS Updated
CWE
- CWE-416: Use After Free
CAPEC
- CAPEC-233: Privilege Escalation
References (21)
| URL | Date | SRC |
|---|---|---|
| https://github.com/Notselwyn/CVE-2024-1086 | 2024-08-01 | |
| https://github.com/feely666/CVE-2024-1086 | 2024-06-10 | |
| https://github.com/CCIEVoice2009/CVE-2024-1086 | 2024-04-07 | |
| https://github.com/pl0xe/CVE-2024-1086 | 2024-08-20 | |
| https://github.com/xzx482/CVE-2024-1086 | 2024-04-07 | |
| https://github.com/kevcooper/CVE-2024-1086-checker | 2024-06-10 | |
| http://www.openwall.com/lists/oss-security/2024/04/14/1 | 2024-08-01 | |
| http://www.openwall.com/lists/oss-security/2024/04/17/5 | 2024-08-01 | |
| https://pwning.tech/nftables | 2024-08-01 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-1086 | 2024-06-25 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2262126 | 2024-06-25 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.15 < 5.15.149 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.15 < 5.15.149" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.1 < 6.1.76 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.1.76" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.2 < 6.6.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.2 < 6.6.15" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.7 < 6.7.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.7.3" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.8 Search vendor "Linux" for product "Linux Kernel" and version "6.8" | rc1 |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 39 Search vendor "Fedoraproject" for product "Fedora" and version "39" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux For Ibm Z Systems Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems" | 7.0_s390x Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems" and version "7.0_s390x" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux For Power Big Endian Search vendor "Redhat" for product "Enterprise Linux For Power Big Endian" | 7.0_ppc64 Search vendor "Redhat" for product "Enterprise Linux For Power Big Endian" and version "7.0_ppc64" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux For Power Little Endian Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian" | 7.0_ppc64le Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian" and version "7.0_ppc64le" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
| ||||||