CVE-2024-1086

CVSS V2 None CVSS V3 None
Description
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Overview
  • CVE ID
  • CVE-2024-1086
  • Assigner
  • Google
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-01-31T12:14:34.073Z
  • Last Modified Date
  • 2024-01-31T12:14:34.073Z
Weakness Enumerations
CWE URL
CWE-416 http://cwe.mitre.org/data/definitions/416.html
References
Reference URL Reference Tags
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660 patch
https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/
https://github.com/Notselwyn/CVE-2024-1086
https://news.ycombinator.com/item?id=39828424
https://pwning.tech/nftables/
http://www.openwall.com/lists/oss-security/2024/04/15/2
http://www.openwall.com/lists/oss-security/2024/04/10/23
http://www.openwall.com/lists/oss-security/2024/04/10/22
http://www.openwall.com/lists/oss-security/2024/04/14/1
http://www.openwall.com/lists/oss-security/2024/04/17/5
https://security.netapp.com/advisory/ntap-20240614-0009/
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2024-1086
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1086
History
Created Old Value New Value Data Type Notes
2024-06-26 06:41:01 Added to TrackCVE