CVE-2024-1085 — Use After Free in Kernel
Severity
7.8HIGHNVD
EPSS
0.0%
top 85.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 31
Latest updateApr 30
Description
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.
The nft_setelem_catchall_deactivate() function checks whether the catch-all set element is active in the current generation instead of the next generation before freeing it, but only flags it inactive in the next generation, making it possible to free the element multiple times, leading to a double free vulnerability.
We recommend upgrading past commit b1d…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages3 packages
Patches
🔴Vulnerability Details
7OSV▶
linux, linux-azure, linux-gcp, linux-gcp-6.5, linux-hwe-6.5, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oem-6.5, linux-oracle, linux-oracle-6.5, linux-raspi, linux-starfive, linux-starfive-6.5 ↗2024-03-20
GHSA▶
GHSA-3xpr-x643-29v6: A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation↗2024-01-31
📋Vendor Advisories
13💬Community
1Bugzilla▶
CVE-2024-1085 kernel: nf_tables: use-after-free vulnerability in the nft_setelem_catchall_deactivate() function↗2024-01-31