CVE-2024-1086

HIGH CISA KEV EPSS 97.9%
Published Jan 31, 20242y ago · Modified Jun 17, 20262w ago
7.8 CVSS 3.1
High
Find Similar
Published Jan 31, 2024 2y ago
Last Modified Jun 17, 2026 2w ago
KEV Listed May 30, 2024 2y ago
KEV Due Jun 20, 2024 745d overdue

Description

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

CISA Known Exploited Overdue 745d
Added
May 30, 2024
Due
Jun 20, 2024

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

EPSS Exploit Probability
97.9% percentile
Exploit & Patch Status
Actively Exploited (KEV)
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 19

VendorProductVersionRange
linuxlinux_kernel*≥3.15  –  <5.15.149
linuxlinux_kernel*≥6.1  –  <6.1.76
linuxlinux_kernel*≥6.2  –  <6.6.15
linuxlinux_kernel*≥6.7  –  <6.7.3
linuxlinux_kernel6.8any
fedoraprojectfedora39any
redhatenterprise_linux_desktop7.0any
redhatenterprise_linux_for_ibm_z_systems7.0_s390xany
redhatenterprise_linux_for_power_big_endian7.0_ppc64any
redhatenterprise_linux_for_power_little_endian7.0_ppc64leany
redhatenterprise_linux_server7.0any
redhatenterprise_linux_workstation7.0any
debiandebian_linux10.0any
netappa250_firmware*any
netappa250*any
netapp500f_firmware*any
netapp500f*any
netappc250_firmware*any
netappc250*any

References 15

  • openwall.com http://www.openwall.com/lists/oss-security/2024/04/10/22
    Mailing ListPatch
  • openwall.com http://www.openwall.com/lists/oss-security/2024/04/10/23
    Mailing ListPatch
  • openwall.com http://www.openwall.com/lists/oss-security/2024/04/14/1
    ExploitMailing List
  • openwall.com http://www.openwall.com/lists/oss-security/2024/04/15/2
    Mailing List
  • openwall.com http://www.openwall.com/lists/oss-security/2024/04/17/5
    ExploitMailing List
  • git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660
    Patch
  • github.com https://github.com/Notselwyn/CVE-2024-1086
    ExploitThird Party Advisory
  • kernel.dance https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
    Mailing List
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/
    Mailing List
  • news.ycombinator.com https://news.ycombinator.com/item?id=39828424
    Issue Tracking
  • pwning.tech https://pwning.tech/nftables/
    ExploitTechnical DescriptionThird Party Advisory
  • security.netapp.com https://security.netapp.com/advisory/ntap-20240614-0009/
    Third Party Advisory
  • cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1086
    US Government Resource

Remediation

  • openwall.com http://www.openwall.com/lists/oss-security/2024/04/10/22
    Mailing ListPatch
  • openwall.com http://www.openwall.com/lists/oss-security/2024/04/10/23
    Mailing ListPatch
  • git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660
    Patch
  • kernel.dance https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660
    Patch