A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.
The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.
We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
History
21 Nov 2024, 08:49
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2024/04/10/22 - Mailing List, Patch | |
References | () http://www.openwall.com/lists/oss-security/2024/04/10/23 - Mailing List, Patch | |
References | () http://www.openwall.com/lists/oss-security/2024/04/14/1 - Exploit, Mailing List | |
References | () http://www.openwall.com/lists/oss-security/2024/04/15/2 - Mailing List | |
References | () http://www.openwall.com/lists/oss-security/2024/04/17/5 - Exploit, Mailing List | |
References | () https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660 - Patch | |
References | () https://github.com/Notselwyn/CVE-2024-1086 - Exploit, Third Party Advisory | |
References | () https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660 - Patch | |
References | () https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html - Mailing List, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/ - Mailing List | |
References | () https://news.ycombinator.com/item?id=39828424 - Issue Tracking | |
References | () https://pwning.tech/nftables/ - Exploit, Technical Description, Third Party Advisory | |
References | () https://security.netapp.com/advisory/ntap-20240614-0009/ - Third Party Advisory |
14 Aug 2024, 19:41
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:netapp:c250_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:c250:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:* |
|
First Time |
Netapp c250
Debian Debian debian Linux Netapp c250 Firmware Netapp Netapp 500f Netapp a250 Firmware Netapp a250 Netapp 500f Firmware |
|
References | () https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660 - Patch | |
References | () https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html - Mailing List, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html - Mailing List, Third Party Advisory | |
References | () https://security.netapp.com/advisory/ntap-20240614-0009/ - Third Party Advisory |
27 Jun 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Jun 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Jun 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Jun 2024, 13:25
Type | Values Removed | Values Added |
---|---|---|
First Time |
Redhat
Fedoraproject Redhat enterprise Linux For Power Little Endian Redhat enterprise Linux For Ibm Z Systems Fedoraproject fedora Redhat enterprise Linux Workstation Redhat enterprise Linux For Power Big Endian Redhat enterprise Linux Desktop Redhat enterprise Linux Server |
|
CPE | cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:* |
|
References | () http://www.openwall.com/lists/oss-security/2024/04/10/22 - Mailing List, Patch | |
References | () http://www.openwall.com/lists/oss-security/2024/04/10/23 - Mailing List, Patch | |
References | () http://www.openwall.com/lists/oss-security/2024/04/14/1 - Exploit, Mailing List | |
References | () http://www.openwall.com/lists/oss-security/2024/04/15/2 - Mailing List | |
References | () http://www.openwall.com/lists/oss-security/2024/04/17/5 - Exploit, Mailing List | |
References | () https://github.com/Notselwyn/CVE-2024-1086 - Exploit, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/ - Mailing List | |
References | () https://news.ycombinator.com/item?id=39828424 - Issue Tracking | |
References | () https://pwning.tech/nftables/ - Exploit, Technical Description, Third Party Advisory |
01 May 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Mar 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Mar 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Feb 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Feb 2024, 20:41
Type | Values Removed | Values Added |
---|---|---|
References | () https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660 - Mailing List, Patch | |
References | () https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660 - Patch | |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:* |
|
First Time |
Linux linux Kernel
Linux |
31 Jan 2024, 14:05
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-31 13:15
Updated : 2024-11-21 08:49
NVD link : CVE-2024-1086
Mitre link : CVE-2024-1086
CVE.ORG link : CVE-2024-1086
JSON object : View
Products Affected
redhat
- enterprise_linux_desktop
- enterprise_linux_for_ibm_z_systems
- enterprise_linux_workstation
- enterprise_linux_for_power_little_endian
- enterprise_linux_for_power_big_endian
- enterprise_linux_server
netapp
- 500f
- 500f_firmware
- c250_firmware
- a250
- c250
- a250_firmware
fedoraproject
- fedora
debian
- debian_linux
linux
- linux_kernel
CWE
CWE-416
Use After Free