CVE-2024-1086 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2024-1086?

CVE-2024-1086 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-1086?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Fedoraproject Fedora, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux For Ibm Z Systems, Redhat Enterprise Linux For Power Big Endian.

Vulnerability Description

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	>= 3.15, < 5.15.149
Fedoraproject	Fedora	39
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux For Ibm Z Systems	7.0_s390x
Redhat	Enterprise Linux For Power Big Endian	7.0_ppc64
Redhat	Enterprise Linux For Power Little Endian	7.0_ppc64le
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Workstation	7.0
Debian	Debian Linux	10.0
Netapp	A250 Firmware	-
Netapp	A250	-
Netapp	500F Firmware	-
Netapp	500F	-
Netapp	C250 Firmware	-
Netapp	C250	-

Related Weaknesses (CWE)

CWE-416

References

http://www.openwall.com/lists/oss-security/2024/04/10/22Mailing ListPatch
http://www.openwall.com/lists/oss-security/2024/04/10/23Mailing ListPatch
http://www.openwall.com/lists/oss-security/2024/04/14/1ExploitMailing List
http://www.openwall.com/lists/oss-security/2024/04/15/2Mailing List
http://www.openwall.com/lists/oss-security/2024/04/17/5ExploitMailing List
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f3Patch
https://github.com/Notselwyn/CVE-2024-1086ExploitThird Party Advisory
https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.htmlMailing List
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.htmlMailing List
https://lists.fedoraproject.org/archives/list/[email protected]Mailing List
https://news.ycombinator.com/item?id=39828424Issue Tracking
https://pwning.tech/nftables/ExploitTechnical DescriptionThird Party Advisory
https://security.netapp.com/advisory/ntap-20240614-0009/Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/04/10/22Mailing ListPatch

FAQ

What is CVE-2024-1086?

CVE-2024-1086 is a vulnerability with a CVSS score of 7.8 (HIGH). A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as d...

How severe is CVE-2024-1086?

CVE-2024-1086 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-1086?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Fedoraproject Fedora, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux For Ibm Z Systems, Redhat Enterprise Linux For Power Big Endian.