Linux kernel contains a vulnerability that could allow an attacker to achieve local privilege escalation

Threat ID:CC-4505

Threat Severity:Medium

Published:31 May 2024 1:58 PM

Summary

Affected platforms

The following platforms are known to be affected:

Linux kernel

Threat details

Introduction

Based on evidence of active exploitation, CISA have added CVE-2024-1086 to their known exploited vulnerabilities catalog. The vulnerability has a CVSSv3 score of 7.8 and can allow an attacker to achieve local privilege escalation.

Exploitation of CVE-2024-1086

CVE-2024-1086 was added to the US Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerability Catalog based on evidence of exploitation in the wild.

Remediation advice

Affected organisations are encouraged to contact their relevant Linux IT suppliers and apply the relevant updates.

Definitive source of threat updates

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660

https://nvd.nist.gov/vuln/detail/CVE-2024-1086

CVE Vulnerabilities

StatusPublished

CVE-2024-1086A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

Last edited: 31 May 2024 1:58 pm