CVE-2024-1086

Published: Jan 31, 2024Modified: Oct 27, 2025CISA KEV

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

Affected (16)

Products: Linux: Linux Kernel · Fedoraproject: Fedora · Redhat: Enterprise Linux Desktop, Enterprise Linux For Ibm Z Systems, Enterprise Linux For Power Big Endian, Enterprise Linux For Power Little Endian, Enterprise Linux Server, Enterprise Linux Workstation · +2 more

Show all products

Linux: Linux Kernel · Fedoraproject: Fedora · Redhat: Enterprise Linux Desktop, Enterprise Linux For Ibm Z Systems, Enterprise Linux For Power Big Endian, Enterprise Linux For Power Little Endian, Enterprise Linux Server, Enterprise Linux Workstation · Debian: Debian Linux · Netapp: A250 Firmware, 500f Firmware, C250 Firmware

1 product

1 product

6 products

Enterprise Linux Desktop

Enterprise Linux For Ibm Z Systems

Enterprise Linux For Power Big Endian

Enterprise Linux For Power Little Endian

Enterprise Linux Server

Enterprise Linux Workstation

1 product

3 products

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 3.15 to 5.15.149
Linux Linux Kernel	From 6.1 to 6.1.76
Linux Linux Kernel	From 6.2 to 6.6.15
Linux Linux Kernel	From 6.7 to 6.7.3
Linux Linux Kernel	Version 6.8 rc1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 39

Configuration C

6 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux For Ibm Z Systems	Version 7.0_s390x
Redhat Enterprise Linux For Power Big Endian	Version 7.0_ppc64
Redhat Enterprise Linux For Power Little Endian	Version 7.0_ppc64le
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Workstation	Version 7.0

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp A250 Firmware	All versions

Running on/with	Platform Versions
Netapp A250	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp 500f Firmware	All versions

Running on/with	Platform Versions
Netapp 500f	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp C250 Firmware	All versions

Running on/with	Platform Versions
Netapp C250	All versions

Related CWEs

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (29)

http://www.openwall.com/lists/oss-security/2024/04/10/22

Source: cve-coordination@google.com

Mailing ListPatch

http://www.openwall.com/lists/oss-security/2024/04/10/23

Source: cve-coordination@google.com

Mailing ListPatch

http://www.openwall.com/lists/oss-security/2024/04/14/1

Source: cve-coordination@google.com

ExploitMailing List

http://www.openwall.com/lists/oss-security/2024/04/15/2

Source: cve-coordination@google.com

Mailing List

http://www.openwall.com/lists/oss-security/2024/04/17/5

Source: cve-coordination@google.com

ExploitMailing List

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660

Source: cve-coordination@google.com

Patch

https://github.com/Notselwyn/CVE-2024-1086

Source: cve-coordination@google.com

ExploitThird Party Advisory

https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660

Source: cve-coordination@google.com

Patch

https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html

Source: cve-coordination@google.com

Mailing List

https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Source: cve-coordination@google.com

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/

Source: cve-coordination@google.com

Mailing List

https://news.ycombinator.com/item?id=39828424

Source: cve-coordination@google.com

Issue Tracking

https://pwning.tech/nftables/

Source: cve-coordination@google.com

ExploitTechnical DescriptionThird Party Advisory

https://security.netapp.com/advisory/ntap-20240614-0009/

Source: cve-coordination@google.com

Third Party Advisory

http://www.openwall.com/lists/oss-security/2024/04/10/22

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatch

http://www.openwall.com/lists/oss-security/2024/04/10/23

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatch

http://www.openwall.com/lists/oss-security/2024/04/14/1

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing List

http://www.openwall.com/lists/oss-security/2024/04/15/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://www.openwall.com/lists/oss-security/2024/04/17/5

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing List

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/Notselwyn/CVE-2024-1086

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

https://news.ycombinator.com/item?id=39828424

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://pwning.tech/nftables/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

https://security.netapp.com/advisory/ntap-20240614-0009/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1086

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.