CVE-2024-1086

high-risk
Published 2024-01-31

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

Do I need to act?

!
85.4% chance of exploitation in next 30 days
EPSS score — higher than 15% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (13)

Affected Vendors

Debian Redhat Linux Fedoraproject Netapp

References (29)

Mailing List http://www.openwall.com/lists/oss-security/2024/04/10/22
Mailing List http://www.openwall.com/lists/oss-security/2024/04/10/23
Exploit http://www.openwall.com/lists/oss-security/2024/04/14/1
Mailing List http://www.openwall.com/lists/oss-security/2024/04/15/2
Exploit http://www.openwall.com/lists/oss-security/2024/04/17/5
Patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f3...
Exploit https://github.com/Notselwyn/CVE-2024-1086
Patch https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660
Mailing List https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
Mailing List https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
Issue Tracking https://news.ycombinator.com/item?id=39828424
Exploit https://pwning.tech/nftables/
Third Party Advisory https://security.netapp.com/advisory/ntap-20240614-0009/
Mailing List http://www.openwall.com/lists/oss-security/2024/04/10/22
Mailing List http://www.openwall.com/lists/oss-security/2024/04/10/23
Exploit http://www.openwall.com/lists/oss-security/2024/04/14/1
Mailing List http://www.openwall.com/lists/oss-security/2024/04/15/2
Exploit http://www.openwall.com/lists/oss-security/2024/04/17/5
Patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f3...
and 9 more references
68
/ 100
high-risk
Severity 24/34 · High
Exploitability 27/34 · High
Exposure 17/34 · Moderate