A high-severity privilege elevation flaw in the Linux kernel is the subject of a report from the Cybersecurity & Infrastructure Security Agency (CISA).

The high-severity flaw, tracked as CVE-2024-1086, was first disclosed on January 31 as a use-after-free problem in the netfilter: nf_tables component, but it was introduced by a commit back in February 2014.

Netfilter is a framework provided by the Linux kernel that allows various networking-related operations, such as packet filtering, network address translation (NAT), and packet mangling.

The vulnerability occurs because the ‘nft_verdict_init()’ function allows positive values to be used as a drop error within the hook verdict, causing the ‘nf_hook_slow()’ function to execute a double free when NF_DROP is issued with a drop error that resembles NF_ACCEPT.

Exploitation of CVE-2024-1086 allows an attacker with local access to achieve privilege escalation on the target system, potentially gaining root-level access.

Schneider Bold

The issue was fixed by a commit submitted in January 2024, which rejects QUEUE/DROP verdict parameters, thus preventing exploitation.
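As an added illustration (not code from the kernel, the report or the researcher's write-up), the shape of the verdict validation before and after the fix, modelled in C with the kernel's public verdict encoding. The function names are assumptions, and the real nft_verdict_init() also handles the other nf_tables-internal verdicts (jump, goto, return, break) that are left out here.

```c
#include <errno.h>
#include <stdint.h>

/* Verdict encoding from the kernel's uapi netfilter.h: the low byte is the
 * verdict, the high 16 bits carry a parameter (a negated errno for NF_DROP,
 * a queue number for NF_QUEUE). */
#define NF_DROP         0
#define NF_ACCEPT       1
#define NF_QUEUE        3
#define NF_VERDICT_MASK 0x000000ffu
#define NF_DROP_ERR(x)  ((((uint32_t)-(x)) << 16) | NF_DROP)
#define NF_QUEUE_NR(x)  ((((uint32_t)(x)) << 16) | NF_QUEUE)

/* nf_tables' own verdicts are negative; NFT_CONTINUE stands in for them here. */
#define NFT_CONTINUE    (-1)

/* Recover the errno an NF_DROP verdict carries, the way nf_hook_slow() reads it.
 * Callers expect 0 or a negative errno; any other value is a bogus verdict. */
int drop_errno(uint32_t code)
{
    return -(int)(code >> 16);
}

/* Pre-fix check (modelled): only the low byte is compared, so NF_DROP and
 * NF_QUEUE are accepted with arbitrary high bits, i.e. with parameters. */
int verdict_check_before_fix(uint32_t code)
{
    if ((int32_t)code == NFT_CONTINUE)
        return 0;
    switch (code & NF_VERDICT_MASK) {
    case NF_ACCEPT: case NF_DROP: case NF_QUEUE:
        return 0;
    default:
        return -EINVAL;
    }
}

/* Post-fix check (modelled): the whole 32-bit word must equal a bare verdict,
 * so any DROP/QUEUE parameter makes the rule fail to load with -EINVAL. */
int verdict_check_after_fix(uint32_t code)
{
    switch ((int32_t)code) {
    case NF_ACCEPT: case NF_DROP: case NF_QUEUE: case NFT_CONTINUE:
        return 0;
    default:
        return -EINVAL;
    }
}
```

On a patched kernel a rule carrying NF_DROP_ERR() or NF_QUEUE_NR() style parameters is therefore refused at load time rather than reaching the hook path.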

The fix has been backported to multiple stable kernel versions as listed below:

  • v4.19.307 and later
  • v5.4.269 and later
  • v5.10.210 and later
  • v5.15.149 and later
  • v6.1.76 and later
  • v6.6.15 and later
  • v6.7.3 and later

In late March 2024, a security researcher using the alias ‘Notselwyn’ published a detailed write-up and proof-of-concept (PoC) exploit on GitHub, showcasing how to achieve local privilege escalation by exploiting the flaw on Linux kernel versions between 5.14 and 6.6.

ISSSource
