CVE-2024-1086

Warning

Exploit

EPSS 84.81%
Published 31.01.2024 13:15:10
Last modified 02.04.2025 20:32:33
Source cve-coordination@google.com
Teams watchlist Login
Open Login

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.

The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.

We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

Affected products Warnungen 1 Metrics 3 CWE 1 References 17

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 3.15 < 5.15.149

Linux ≫ Linux Kernel Version >= 6.1 < 6.1.76

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.15

Linux ≫ Linux Kernel Version >= 6.7 < 6.7.3

Linux ≫ Linux Kernel Version6.8 Updaterc1

Fedoraproject ≫ Fedora Version39

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux For Ibm Z Systems Version7.0_s390x

Redhat ≫ Enterprise Linux For Power Big Endian Version7.0_ppc64

Redhat ≫ Enterprise Linux For Power Little Endian Version7.0_ppc64le

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Workstation Version7.0

Debian ≫ Debian Linux Version10.0

Netapp ≫ A250 Firmware Version-

Netapp ≫ A250 Version-

Netapp ≫ 500f Firmware Version-

Netapp ≫ 500f Version-

Netapp ≫ C250 Firmware Version-

Netapp ≫ C250 Version-

30.05.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Linux Kernel Use-After-Free Vulnerability

Vulnerability

Linux kernel contains a use-after-free vulnerability in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation.

Description

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	84.81%	0.993

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cve-coordination@google.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Mailing List

https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/

Mailing List

http://www.openwall.com/lists/oss-security/2024/04/10/22

Patch

Mailing List

http://www.openwall.com/lists/oss-security/2024/04/10/23

Patch

Mailing List