Back to KEVs

CVE-2024-1086

Use-after-free in Linux kernel's netfilter: nf_tables component

Basic Information

CVE State: PUBLISHED
Reserved Date: January 30, 2024
Published Date: January 31, 2024
Last Updated: February 13, 2025
Vendor: Linux
Product: Kernel
Description: A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

CVSS Scores

CVSS v3.1

7.8 - HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2024-05-30 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2024-04-30 16:10:37 UTC) Source

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660 https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660 https://lists.fedoraproject.org/archives/list/[email protected]/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/ https://github.com/Notselwyn/CVE-2024-1086 https://news.ycombinator.com/item?id=39828424 https://pwning.tech/nftables/ http://www.openwall.com/lists/oss-security/2024/04/15/2 http://www.openwall.com/lists/oss-security/2024/04/10/23 http://www.openwall.com/lists/oss-security/2024/04/10/22 http://www.openwall.com/lists/oss-security/2024/04/14/1 http://www.openwall.com/lists/oss-security/2024/04/17/5 https://security.netapp.com/advisory/ntap-20240614-0009/ https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Known Exploited Vulnerability Information

Source	Added Date
CISA	2024-05-30 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

LLfam/CVE-2024-1086

Type: github • Created: 2024-12-16 17:33:13 UTC • Stars: 14

CCIEVoice2009/CVE-2024-1086

Type: github • Created: 2024-04-30 16:10:37 UTC • Stars: 0

Alicey0719/docker-POC_CVE-2024-1086

Type: github • Created: 2024-04-03 13:09:22 UTC • Stars: 2

Notselwyn/CVE-2024-1086

Type: github • Created: 2024-03-20 21:16:41 UTC • Stars: 2358

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.