A high-severity Linux kernel privilege elevation flaw has been flagged in a report by the Cybersecurity & Infrastructure Security Agency (CISA).

The high-severity flaw, tracked as CVE-2024-1086, was first disclosed on January 31 as a use-after-free problem in the netfilter nf_tables component, but it was introduced by a commit as far back as February 2014.

Netfilter is a framework provided by the Linux kernel that allows various networking-related operations, such as packet filtering, network address translation (NAT), and packet mangling.

The vulnerability occurs because the ‘nft_verdict_init()’ function allows positive values to be used as the drop error within a hook verdict, causing the ‘nf_hook_slow()’ function to perform a double free when NF_DROP is issued with a drop error that resembles NF_ACCEPT.

Exploitation of CVE-2024-1086 allows an attacker with local access to achieve privilege escalation on the target system, potentially gaining root-level access.


The issue was fixed by a commit submitted in January 2024, which rejects QUEUE/DROP verdict parameters and thus prevents exploitation.

The fix has been backported to multiple stable kernel versions as listed below:

  • v4.19.307 and later
  • v5.4.269 and later
  • v5.10.210 and later
  • v5.15.149 and later
  • v6.1.76 and later
  • v6.6.15 and later
  • v6.7.3 and later
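As an added example, not part of the article, the following POSIX shell check compares a kernel release string against the backported fix versions listed above; the function names and the version table are this example's own, and the table covers only the stable branches named here.

```shell
#!/bin/sh
# Added example: classify a kernel release string against the stable
# releases that carry the CVE-2024-1086 fix (table taken from the list above).

# Fixed versions per stable branch, as listed above.
FIXED_VERSIONS="4.19.307 5.4.269 5.10.210 5.15.149 6.1.76 6.6.15 6.7.3"

# Split "MAJOR.MINOR.PATCH[-extra]" into three numeric fields.
# ver_fields 5.15.149-generic  ->  "5 15 149"
ver_fields() {
    v=${1%%[-+]*}                      # drop "-generic", "+", etc.
    set -- $(printf '%s' "$v" | tr '.' ' ')
    printf '%s %s %s' "${1:-0}" "${2:-0}" "${3:-0}"
}

# Returns 0 if $1 is on a listed branch at or after the fixed release,
# 1 if it is on a listed branch but older than the fix,
# 2 if the branch is not in the table (no statement can be made from it).
kernel_fixed() {
    set -- $(ver_fields "$1")
    maj=$1; min=$2; pat=$3
    for f in $FIXED_VERSIONS; do
        set -- $(ver_fields "$f")
        if [ "$maj" -eq "$1" ] && [ "$min" -eq "$2" ]; then
            [ "$pat" -ge "$3" ] && return 0
            return 1
        fi
    done
    return 2
}

# Classify the running kernel (uname -r), e.g. "6.1.75-1-amd64".
check_running_kernel() {
    v=$(uname -r)
    rc=0; kernel_fixed "$v" || rc=$?
    case $rc in
        0) echo "$v: fix present for this branch" ;;
        1) echo "$v: older than the fixed release on this branch" ;;
        *) echo "$v: branch not in the backport list; check vendor advisory" ;;
    esac
}
```

Distribution kernels that carry backports under an unchanged base version (a release string such as 6.1.0-x) will be reported as older than the fix, so the vendor advisory remains the authoritative source for those.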

In late March 2024, a security researcher using the alias ‘Notselwyn’ published a detailed write-up and proof-of-concept (PoC) exploit on GitHub, showcasing how to achieve local privilege escalation by exploiting the flaw on Linux kernel versions between 5.14 and 6.6.
