⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.. Due date: 2024-06-20.
CVE-2024-1086
Severity
7.8HIGH
EPSS
85.4%
top 0.63%
CISA KEV
KEVRansomware
Added 2024-05-30
Due 2024-06-20
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedJan 31
KEV addedMay 30
KEV dueJun 20
Latest updateOct 31
CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Description
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.
The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.
We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages6 packages
Also affects: Debian Linux 10.0, Enterprise Linux 7.0, 7.0_ppc64, Fedora 39
Patches
🔴Vulnerability Details
7GHSA▶
GHSA-gfh2-2mj9-m2cx: A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation↗2024-01-31
OSV▶
CVE-2024-1086: A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation↗2024-01-31