CVE-2024-1086
HIGH CISA KEV EPSS 97.9%
7.8 CVSS 3.1
Published Jan 31, 2024 2y ago
Last Modified Jun 17, 2026 2w ago
KEV Listed May 30, 2024 2y ago
KEV Due Jun 20, 2024 745d overdue
Description
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as the drop error within the hook verdict, so the nf_hook_slow() function can cause a double free when NF_DROP is issued with a drop error that resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
CVSS Details
Base Score
Exploitability
Impact
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
CISA Known Exploited Overdue 745d
- Added: May 30, 2024
- Due: Jun 20, 2024
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
EPSS Exploit Probability
97.9% percentile
Exploit & Patch Status
Actively Exploited (KEV)
Patch Available
Weaknesses 1
CWE-416 Use After Free Memory Safety
Affected Products 19
| Vendor | Product | Version | Range |
|---|---|---|---|
| linux | linux_kernel | * | ≥3.15 – <5.15.149 |
| linux | linux_kernel | * | ≥6.1 – <6.1.76 |
| linux | linux_kernel | * | ≥6.2 – <6.6.15 |
| linux | linux_kernel | * | ≥6.7 – <6.7.3 |
| linux | linux_kernel | 6.8 | any |
| fedoraproject | fedora | 39 | any |
| redhat | enterprise_linux_desktop | 7.0 | any |
| redhat | enterprise_linux_for_ibm_z_systems | 7.0_s390x | any |
| redhat | enterprise_linux_for_power_big_endian | 7.0_ppc64 | any |
| redhat | enterprise_linux_for_power_little_endian | 7.0_ppc64le | any |
| redhat | enterprise_linux_server | 7.0 | any |
| redhat | enterprise_linux_workstation | 7.0 | any |
| debian | debian_linux | 10.0 | any |
| netapp | a250_firmware | * | any |
| netapp | a250 | * | any |
| netapp | 500f_firmware | * | any |
| netapp | 500f | * | any |
| netapp | c250_firmware | * | any |
| netapp | c250 | * | any |
References 15
- openwall.com http://www.openwall.com/lists/oss-security/2024/04/10/22
- openwall.com http://www.openwall.com/lists/oss-security/2024/04/10/23
- openwall.com http://www.openwall.com/lists/oss-security/2024/04/14/1
- openwall.com http://www.openwall.com/lists/oss-security/2024/04/15/2
- openwall.com http://www.openwall.com/lists/oss-security/2024/04/17/5
- git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660
- github.com https://github.com/Notselwyn/CVE-2024-1086
- kernel.dance https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660
- lists.debian.org https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
- lists.debian.org https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
- lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/
- news.ycombinator.com https://news.ycombinator.com/item?id=39828424
- pwning.tech https://pwning.tech/nftables/
- security.netapp.com https://security.netapp.com/advisory/ntap-20240614-0009/
- cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1086
Remediation
- openwall.com http://www.openwall.com/lists/oss-security/2024/04/10/22
- openwall.com http://www.openwall.com/lists/oss-security/2024/04/10/23
- git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660
- kernel.dance https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660