CVE-2024-0193 — HIGH (7.8) — White Hats Nepal

Vulnerability Description

A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Redhat	Codeready Linux Builder For Ibm Z Systems Eus	9.2_s390x
Redhat	Codeready Linux Builder For Power Little Endian Eus	9.2_ppc64le
Redhat	Codeready Linux Builder For X86 64 Eus	9.2
Redhat	Enterprise Linux For Arm 64 Eus	9.2_aarch64
Redhat	Enterprise Linux For Arm64	9.2
Redhat	Enterprise Linux For Arm64 Els	9.2
Redhat	Enterprise Linux For Ibm Z Systems	9.2_s390x
Redhat	Enterprise Linux For Ibm Z Systems Els	9.2_s390x
Redhat	Enterprise Linux For Ibm Z Systems Eus	9.2_s390x
Redhat	Enterprise Linux For Power Little Endian Els	9.2_ppc64le
Redhat	Enterprise Linux For Power Little Endian Eus	9.2_ppc64le
Redhat	Enterprise Linux For X86 64 Els	9.2
Redhat	Enterprise Linux For X86 64 Eus	9.2
Redhat	Enterprise Linux For X86 64 Update Services For Sap Solutions	9.2
Redhat	Enterprise Linux Server Aus	9.2
Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	9.2_ppc64le
Redhat	Codeready Linux Builder For Arm64	9.0_aarch64
Redhat	Codeready Linux Builder For Arm64 Eus	9.4_aarch64
Redhat	Codeready Linux Builder For Ibm Z Systems	9.0_s390x
Redhat	Codeready Linux Builder For Power Little Endian	9.0_ppc64le

Related Weaknesses (CWE)

CWE-416

References

https://access.redhat.com/errata/RHSA-2024:1018Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:1019Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:1248Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:2094Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:4412Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:4415Vendor Advisory
https://access.redhat.com/security/cve/CVE-2024-0193MitigationThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2255653Issue TrackingPatchThird Party Advisory
https://access.redhat.com/errata/RHSA-2024:1018Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:1019Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:1248Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:2094Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:4412Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:4415Vendor Advisory
https://access.redhat.com/security/cve/CVE-2024-0193MitigationThird Party Advisory

FAQ

What is CVE-2024-0193?

CVE-2024-0193 is a vulnerability with a CVSS score of 7.8 (HIGH). A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This ...

How severe is CVE-2024-0193?

CVE-2024-0193 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-0193?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Codeready Linux Builder For Ibm Z Systems Eus, Redhat Codeready Linux Builder For Power Little Endian Eus, Redhat Codeready Linux Builder For X86 64 Eus, Redhat Enterprise Linux For Arm 64 Eus, Redhat Enterprise Linux For Arm64.