Vulnerabilities > CVE-2024-1086 - Use After Free vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://www.openwall.com/lists/oss-security/2024/04/10/22
- http://www.openwall.com/lists/oss-security/2024/04/10/23
- http://www.openwall.com/lists/oss-security/2024/04/14/1
- http://www.openwall.com/lists/oss-security/2024/04/15/2
- http://www.openwall.com/lists/oss-security/2024/04/17/5
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660
- https://github.com/Notselwyn/CVE-2024-1086
- https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660
- https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
- https://lists.fedoraproject.org/archives/list/[email protected]/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/
- https://news.ycombinator.com/item?id=39828424
- https://pwning.tech/nftables/
- https://security.netapp.com/advisory/ntap-20240614-0009/
- http://www.openwall.com/lists/oss-security/2024/04/10/22
- https://security.netapp.com/advisory/ntap-20240614-0009/
- https://pwning.tech/nftables/
- https://news.ycombinator.com/item?id=39828424
- https://lists.fedoraproject.org/archives/list/[email protected]/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
- https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660
- https://github.com/Notselwyn/CVE-2024-1086
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660
- http://www.openwall.com/lists/oss-security/2024/04/17/5
- http://www.openwall.com/lists/oss-security/2024/04/15/2
- http://www.openwall.com/lists/oss-security/2024/04/14/1
- http://www.openwall.com/lists/oss-security/2024/04/10/23