CVE-2024-1086

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.

The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.

We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

Published: Jan 31, 2024
Updated: May 4, 2025
CVE: CVE-2024-1086
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	6.7	6.7.3
linux / linux_kernel	6.2	6.6.15
linux / linux_kernel	6.8-rc1	6.8-rc1.x
linux / linux_kernel	6.1	6.1.76
linux / linux_kernel	3.15	5.15.149
fedoraproject / fedora	39	39.x
redhat / enterprise_linux_desktop	7.0	7.0.x
redhat / enterprise_linux_workstation	7.0	7.0.x
redhat / enterprise_linux_server	7.0	7.0.x
redhat / enterprise_linux_for_power_little_endian	7.0_ppc64le	7.0_ppc64le.x
redhat / enterprise_linux_for_power_big_endian	7.0_ppc64	7.0_ppc64.x
redhat / enterprise_linux_for_ibm_z_systems	7.0_s390x	7.0_s390x.x
debian / debian_linux	10.0	10.0.x

Vulnerability Database

289,599

CVE-2024-1086