
CVE-2024-1086

Critical Severity
Linux
SVRS: 85/100
CVSSv3: 7.8/10
EPSS: 0.85972/1

CVE-2024-1086 is a critical use-after-free vulnerability in the Linux kernel's netfilter component that allows local privilege escalation. The flaw stems from the nft_verdict_init() function: when it processes NF_DROP with a drop error resembling NF_ACCEPT, a double free is triggered in the nf_hook_slow() function. With an SVRS score of 85, CVE-2024-1086 is classified as a critical vulnerability that demands immediate attention and patching. Exploits are available, exploitation has been seen in the wild, and the CVE is listed in the CISA KEV catalog, so upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660 is highly recommended to mitigate the risk of exploitation and prevent unauthorized system access.

Tags: In The Wild, Exploit Available, CISA KEV
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2024-01-31
2025-02-13

SOCRadar AI Insight

Description:

CVE-2024-1086 is a use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component, allowing local privilege escalation. The nft_verdict_init() function accepts positive values as a drop error within the hook verdict, leading to a double free when NF_DROP is issued with a drop error resembling NF_ACCEPT.

Key Insights:

  1. Severity: The SVRS score of 42 indicates a moderate risk, highlighting the need for attention and timely action to mitigate the vulnerability.
  2. Local Privilege Escalation: This vulnerability can be exploited by an attacker to gain elevated privileges on a vulnerable system, potentially leading to complete control over the affected machine.
  3. Active Exploitation: While there is no information about active exploits in the wild, the vulnerability's public disclosure and the availability of proof-of-concept code make it likely that attackers may attempt to exploit it.
  4. Linux Kernel Impact: The vulnerability affects the Linux kernel, which is widely used in various operating systems and devices, making it a potential target for a large number of systems.

Mitigation Strategies:

  1. Update Linux Kernel: Apply the recommended kernel update (commit f342de4e2f33e0e39165d8639387aa6c19dff660) to address the vulnerability.
  2. Monitor Network Traffic: Implement network monitoring solutions to detect and block suspicious activities that may indicate exploitation attempts.
  3. Restrict Privileges: Enforce the principle of least privilege by limiting user privileges to the minimum necessary level, reducing the impact of potential privilege escalation attacks.
  4. Educate Users: Provide security awareness training to users, emphasizing the importance of reporting suspicious activities and avoiding clicking on untrusted links or opening attachments from unknown sources.


Indicators of Compromise

No IOCs found for this CVE

Exploits

| Title | Software Link | Date |
|---|---|---|
| nomi-sec/PoC-in-GitHub | https://github.com/nomi-sec/PoC-in-GitHub | 2019-12-08 |
| Notselwyn/exploits | https://github.com/Notselwyn/exploits | 2022-10-12 |
| Notselwyn/CVE-2024-1086 | https://github.com/Notselwyn/CVE-2024-1086 | 2024-03-20 |
| Alicey0719/docker-POC_CVE-2024-1086 | https://github.com/Alicey0719/docker-POC_CVE-2024-1086 | 2024-04-03 |
| Linux Kernel Use-After-Free Vulnerability | https://www.cisa.gov/search?g=CVE-2024-1086 | 2024-05-30 |
| andigandhi/bitpixie | https://github.com/andigandhi/bitpixie | 2024-12-29 |

News

Exploits and vulnerabilities in Q4 2024
Alexander Kolesnikov, 2025-02-26, securelist.com
This report provides statistics on vulnerabilities and exploits and discusses the most frequently exploited vulnerabilities in Q4 2024. Q4 2024 saw fewer published exploits for Windows and Linux compared to the first three quarters. Although the number of registered vulnerabilities continued to rise, the total number of Proof of Concept (PoC) instances decreased compared to 2023. Among notable techniques in Q4

CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw - The Hacker News
2024-05-30, google.com
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Linux kernel to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2024-1086 (CVSS score: 7.8), the high-severity issue relates to a use-after-free bug in the netfilter component that permits a local attacker to elevate privileges from a regular user to root and possibly execute arbitrary code. "Linux kernel contains a use-after-free vulnerability in the netfilter: nf

Active Exploitation Observed for Linux Kernel Privilege Escalation Vulnerability (CVE-2024-1086) - CrowdStrike
2024-06-06, google.com
Last week, CISA added CVE-2024-1086 to its Known Exploited Vulnerability Catalog. CVE-2024-1086, a use-after-free vulnerability in the Linux kernel’s netfilter, was disclosed on January 31, 2024 and assigned a CVSS of 7.8 (High). If successfully exploited, it could allow threat actors to achieve local privilege escalation. While there was no evidence of active exploitation at the time of disclosure, we have since observed adversaries targeting CVE-2024-1086 in the wild. Let’s take a closer look at

1st April – Threat Intelligence Report - Check Point Research
2024-04-01, google.com
For the latest discoveries in cyber research for the week of 1st April, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES The US and UK governments have announced a criminal indictment and sanctions against APT31, a group of Chinese hackers, for their role in allegedly conducting attacks against companies in the US, as well as government officials in the UK. Check Point has shared its insights on the event and referenced a past report about APT31, including a deep dive into how the group used zero-day vulnerabilities

CISA warns of actively exploited Linux privilege elevation flaw - BleepingComputer
2024-05-31, google.com
By Bill Toulas 03:30 PM The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added two vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog, including a Linux kernel privilege elevation flaw. The high-severity flaw tracked as CVE-2024-1086 was first disclosed on January 31, 2024, as a use-after-free problem in the netfilter: nf_tables component, but was first introduced by a commit in February 2014. Netfilter is a framework provided by the Linux kernel that allows various networking-related operations, such as packet filtering

Active Exploitation Observed for Linux Kernel Privilege Escalation Vulnerability (CVE-2024-1086) - CrowdStrike
2024-06-06, google.com
Description: CrowdStrike has observed active exploitation of CVE-2024-1086, a privilege escalation vulnerability in the Linux kernel. The vulnerability allows threat actors to achieve local privilege escalation and has been added to CISA's Known Exploited Vulnerability Catalog.
News Content: Last week, CISA added CVE-2024-1086 to its Known Exploited Vulnerability Catalog. CVE-2024-1086, a use-after-free vulnerability in the Linux kernel’s netfilter, was disclosed on January 31, 2024 and assigned a CVSS of 7.8 (High). If successfully exploited, it could allow

Social Media

End of support for Microsoft Office 2016 and 2019 and 9 actively exploited vulnerabilities. IT Security, Apache Superset, Bug, cisa, CVE, CVE-2022-48618, CVE-2024-1086, end of support, ICS, Office 2016 end of support, Office 2019, Parker Hannifin, Phi… https://t.co/YS0JFApJV2 https://t.co/lLEYbgx3LR

@explody @roddux @Canonical @ubuntu You can see from the screenshot that OP provided, they are able to access nftables from inside the userns, accessibility of which is what allowed for CVE-2024-1086 at that time (first link I shared).

[1day1line] CVE-2024-1086: Use-After-Free Vulnerability in Linux Kernel Today's one-line issue is CVE-2024-1086 which is Use-After-Free Vulnerability in Linux Kernel. This vulnerability is a UAF vulnerability in the nf_tables component of netfilter. https://t.co/wSdKHxiWh1

The master class on painting Christmas tree decorations was a success. 👍 They said that you can draw anything. 😏 I drew Elevation of Privilege - Linux Kernel (CVE-2024-1086). 😅 #fun #nftables #Linux #EoP #LPE #MakeMeRoot #DirtyPagedirectory ➡️ https://t.co/yc8PM6qxXv https://t.co/UdnAxGPsf2

CVE-2024-1086 is caused by an nf_tables component flaw in the Linux kernel packet-filtering framework netfilter. Netfilter allows: https://t.co/DyRwbJE7MW

A #vulnerability in the #Linux kernel has been found to affect a wide range of #Moxa industrial networking and computing products. The vulnerability, identified as CVE-2024-1086 (CVSS 7.8), could allow attackers to crash systems or escalate privileges https://t.co/EKlSU6oVr5

🗣 CVE-2024-1086: Linux Kernel Vulnerability Impacts Numerous Moxa Products https://t.co/olStDbJRDO #security #cybernews #cybersecurity #fridaysecurity #linkedin #twitter #telegram

Fix :: CVE-2024-1086 echo "kernel.unprivileged_userns_clone=0" | sudo tee /etc/sysctl.d/99-disable-unpriv-userns.conf

Last week, CISA added CVE-2024-1086 to its Known Exploited Vulnerability Catalog. CVE-2024-1086, a use-after-free vulnerability in: https://t.co/DyRwbJE7MW

Last week, CISA added CVE-2024-1086 to its Known Exploited Vulnerability Catalog. In this blog, we share the details of: https://t.co/DyRwbJE7MW

Affected Software

| Configuration | Type | Vendor | Product |
|---|---|---|---|
| 1 | OS | Linux | linux_kernel |
| 2 | OS | Fedoraproject | fedora |
| 3 | OS | Redhat | enterprise_linux_for_power_little_endian |
| 3 | OS | Redhat | enterprise_linux_for_power_big_endian |
| 3 | OS | Redhat | enterprise_linux_server |
| 3 | OS | Redhat | enterprise_linux_workstation |
| 3 | OS | Redhat | enterprise_linux_for_ibm_z_systems |
| 3 | OS | Redhat | enterprise_linux_desktop |
| 4 | OS | Debian | debian_linux |
| 5 | OS | Netapp | a250_firmware |
| 6 | OS | Netapp | 500f_firmware |
| 7 | OS | Netapp | c250_firmware |

References

- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660
- https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660
- https://lists.fedoraproject.org/archives/list/[email protected]/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/
- https://github.com/Notselwyn/CVE-2024-1086
- https://news.ycombinator.com/item?id=39828424
- https://pwning.tech/nftables/
- http://www.openwall.com/lists/oss-security/2024/04/10/22
- http://www.openwall.com/lists/oss-security/2024/04/10/23
- http://www.openwall.com/lists/oss-security/2024/04/14/1
- http://www.openwall.com/lists/oss-security/2024/04/15/2
- http://www.openwall.com/lists/oss-security/2024/04/17/5
- https://security.netapp.com/advisory/ntap-20240614-0009/
- https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

CWE Details

| CWE ID | CWE Name | Description |
|---|---|---|
| CWE-416 | Use After Free | Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. |
