Detections
Analytics
CVE-2024-1086
high
Description
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
References
https://securelist.com/vulnerabilities-and-exploits-in-q4-2024/115761/
https://thehackernews.com/2024/05/cisa-alerts-federal-agencies-to-patch.html
https://news.ycombinator.com/item?id=39828424
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660
https://github.com/Notselwyn/CVE-2024-1086
http://www.openwall.com/lists/oss-security/2024/04/17/5
http://www.openwall.com/lists/oss-security/2024/04/15/2
http://www.openwall.com/lists/oss-security/2024/04/14/1
Details
Published: 2024-01-31
Updated: 2025-04-02
Named Vulnerability: bitpixieNamed Vulnerability: Flipping PagesNamed Vulnerability: Dirty PagedirectoryNamed Vulnerability: Chicken0248Known Exploited Vulnerability (KEV)
Risk Information
CVSS v2
Base Score: 6.8
Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C
Severity: Medium
CVSS v3
Base Score: 7.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: High
EPSS
EPSS: 0.849