CVERadar

CVE-2024-0193

High Severity
Linux
SVRS: 69/100
CVSSv3: 6.7/10
EPSS: 0.00066/1

CVE-2024-0193 is a use-after-free vulnerability in the Linux kernel's netfilter subsystem. This flaw allows a local, unprivileged user with CAP_NET_ADMIN to potentially escalate their privileges on the system. The vulnerability stems from double deactivation of an element when the catchall element is garbage-collected upon removal of the pipapo set. Although the CVSS score is 6.7, indicating moderate severity, the SOCRadar Vulnerability Risk Score (SVRS) is 69, highlighting the potential risk. Given that active exploits are published "In The Wild" for CVE-2024-0193, admins should prioritize updates. The potential for privilege escalation makes this a serious threat, demanding prompt patching and mitigation to prevent unauthorized access. Failing to address this can result in system compromise and data breaches.

In The Wild
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
2024-01-02

2024-07-09
SOCRadar AI Insight

Description:

CVE-2024-0193 is a use-after-free vulnerability in the netfilter subsystem of the Linux kernel. This flaw allows a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system. The SVRS score of 36 indicates a moderate risk, requiring attention and appropriate mitigation measures.

Key Insights:

  1. Privilege Escalation: This vulnerability can be exploited by a local unprivileged user to gain elevated privileges on the system. This could allow an attacker to access sensitive data, modify system files, or execute arbitrary code with root privileges.
  2. Local Attack: The vulnerability requires local access to the affected system. This means that an attacker would need to have physical access to the machine or be able to compromise it remotely through other means, such as phishing or malware.
  3. Wide Impact: The Linux kernel is used in a wide range of devices, including servers, desktops, and embedded systems. This vulnerability could potentially affect a large number of systems and organizations.

Mitigation Strategies:

  1. Apply Security Updates: System administrators should apply the latest security updates from their Linux distribution as soon as possible. These updates will patch the vulnerability and protect systems from exploitation.
  2. Restrict Privileges: Organizations should implement least privilege principles and restrict user access to only the resources and privileges necessary for their job roles. This can help to limit the impact of privilege escalation attacks.
  3. Enable Intrusion Detection and Prevention Systems: Organizations should deploy intrusion detection and prevention systems (IDS/IPS) to monitor network traffic and identify suspicious activity. These systems can help to detect and block attacks that attempt to exploit this vulnerability.
  4. Educate Users: Organizations should educate users about the risks of phishing and malware attacks and provide them with the tools and knowledge they need to protect themselves.

Additional Information:

  • Threat Actors/APT Groups: There is no information available about specific threat actors or APT groups actively exploiting this vulnerability.
  • Exploit Status: There are no known active exploits for this vulnerability at this time.
  • CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning for this vulnerability.
  • In the Wild: There is no evidence that this vulnerability is being actively exploited by hackers in the wild.


Indicators of Compromise

No IOCs found for this CVE

Exploits

| Title | Software Link | Date |
|---|---|---|
| nomi-sec/PoC-in-GitHub | https://github.com/nomi-sec/PoC-in-GitHub | 2019-12-08 |

News

ISC StormCast for Tuesday, January 9th, 2024
Dr. Johannes B. Ullrich, 2024-01-09
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Honeypot User Agents; KyberSlash; netfilter DoS; Cacti RCE
  • What is That User Agent: https://isc.sans.edu/diary/What%20is%20that%20User%20Agent%3F/30536
  • KyberSlash Vulnerability: https://kyberslash.cr.yp.to/faq.html
  • Netfilter DoS Vulnerability CVE-2024-0193: https://access.redhat.com/security/cve/CVE-2024-0193
  • Cacti Vulnerability: https://github.com
PoC Exploit Published for Linux Kernel Privilege Escalation Flaw
Dhivya, 2024-07-01
A critical use-after-free vulnerability has been discovered in the Linux kernel’s netfilter subsystem. This vulnerability could potentially allow local, unprivileged users with CAP_NET_ADMIN capability to escalate their privileges. The flaw, identified in the upstream commit 5f68718b34a5 (“netfilter: nf_tables: GC transaction API to avoid race with control plane”), can cause a use-after-free issue on an NFT_CHAIN […]
LSN-0103-1: Kernel Live Patch Security Notice
2024-04-30
Lonial Con discovered that the netfilter subsystem in the Linux kernel contained a memory leak when handling certain element flush operations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-4569) Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did not properly handle inactive elements in its PIPAPO data structure, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6817) It was discovered that a
cve-2024-1085, cve-2024-1086, cve-2023-6817, cve-2024-0193

Social Media

#Vulnerability #CVE20240193 PoC Exploit Published for Linux Kernel Privilege Escalation Flaw (CVE-2024-0193) https://t.co/KcADB0fmgq
security-research/pocs/linux/kernelctf/CVE-2024-0193_cos/docs/exploit.md at master · google/security-research · GitHub - https://t.co/dzyruMkrKl
PoC : Linux Kernel Privilege Escalation (CVE-2024-0193) : https://t.co/YAwc8RGeaT
PoC Exploit Published for Linux Kernel Privilege Escalation Flaw (CVE-2024-0193) https://t.co/xXlXZfg9lM

Affected Software

Configuration 1

| Type | Vendor | Product |
|---|---|---|
| OS | Linux | linux_kernel |

Configuration 2

| Type | Vendor | Product |
|---|---|---|
| OS | Redhat | enterprise_linux |

References

  • https://access.redhat.com/security/cve/CVE-2024-0193
  • https://bugzilla.redhat.com/show_bug.cgi?id=2255653
  • https://access.redhat.com/errata/RHSA-2024:1018
  • https://access.redhat.com/errata/RHSA-2024:1019
  • https://access.redhat.com/errata/RHSA-2024:1248
  • https://access.redhat.com/errata/RHSA-2024:2094
  • https://access.redhat.com/errata/RHSA-2024:4412
  • https://access.redhat.com/errata/RHSA-2024:4415

CWE Details

| CWE ID | CWE Name | Description |
|---|---|---|
| CWE-416 | Use After Free | Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. |
