CVE-2024-1086

Warnung

Exploit

EPSS 84.81%
Veröffentlicht 31.01.2024 13:15:10
Zuletzt bearbeitet 02.04.2025 20:32:33
Quelle cve-coordination@google.com
Teams Watchlist Login
Unerledigt Login

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.

The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.

We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

Betroffene Produkte Warnungen 1 Metriken 3 CWE 1 Referenzen 17

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 3.15 < 5.15.149

Linux ≫ Linux Kernel Version >= 6.1 < 6.1.76

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.15

Linux ≫ Linux Kernel Version >= 6.7 < 6.7.3

Linux ≫ Linux Kernel Version6.8 Updaterc1

Fedoraproject ≫ Fedora Version39

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux For Ibm Z Systems Version7.0_s390x

Redhat ≫ Enterprise Linux For Power Big Endian Version7.0_ppc64

Redhat ≫ Enterprise Linux For Power Little Endian Version7.0_ppc64le

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Workstation Version7.0

Debian ≫ Debian Linux Version10.0

Netapp ≫ A250 Firmware Version-

Netapp ≫ A250 Version-

Netapp ≫ 500f Firmware Version-

Netapp ≫ 500f Version-

Netapp ≫ C250 Firmware Version-

Netapp ≫ C250 Version-

30.05.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Linux Kernel Use-After-Free Vulnerability

Schwachstelle

Linux kernel contains a use-after-free vulnerability in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	84.81%	0.993

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cve-coordination@google.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Mailing List

https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/

Mailing List

http://www.openwall.com/lists/oss-security/2024/04/10/22

Patch

Mailing List

http://www.openwall.com/lists/oss-security/2024/04/10/23

Patch

Mailing List