CVE-2024-1086: Fixes in Linux Kernel
First published: Wed Jan 31 2024(Updated: )
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Credit: cve-coordination@google.com cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM QRadar SIEM | <=7.5 - 7.5.0 UP8 IF01 | |
| Linux Linux kernel | >=3.15<5.15.149 | |
| Linux Linux kernel | >=6.1<6.1.76 | |
| Linux Linux kernel | >=6.2<6.6.15 | |
| Linux Linux kernel | >=6.7<6.7.3 | |
| Linux Linux kernel | =6.8-rc1 | |
| Fedoraproject Fedora | =39 | |
| Redhat Enterprise Linux Desktop | =7.0 | |
| Redhat Enterprise Linux For Ibm Z Systems | =7.0_s390x | |
| Redhat Enterprise Linux For Power Big Endian | =7.0_ppc64 | |
| Redhat Enterprise Linux For Power Little Endian | =7.0_ppc64le | |
| Redhat Enterprise Linux Server | =7.0 | |
| Redhat Enterprise Linux Workstation | =7.0 | |
| Debian Debian Linux | =10.0 | |
| All of | ||
| Netapp A250 Firmware | ||
| Netapp A250 | ||
| All of | ||
| Netapp 500f Firmware | ||
| Netapp 500f | ||
| All of | ||
| Netapp C250 Firmware | ||
| Netapp C250 | ||
| Linux kernel | ||
| F5 F5OS-A | =1.7.0>=1.5.0<=1.5.2 | 1.8.0 |
| F5 F5OS-C | >=1.6.0<=1.6.2>=1.5.0<=1.5.1 | |
| redhat/kernel | <6.8 | 6.8 |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.112-1 6.11.5-1 6.11.7-1 |
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Remedy
If not needed, disable the ability for unprivileged users to create namespaces. To do this temporarily, do: sudo sysctl -w kernel.unprivileged_userns_clone=0 To disable across reboots, do: echo kernel.unprivileged_userns_clone=0 | \ sudo tee /etc/sysctl.d/99-disable-unpriv-userns.conf
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-chromeos.html (Advisory)
- https://www.theregister.com/2024/03/29/linux_kernel_flaw/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660
- https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660
- https://github.com/Notselwyn/CVE-2024-1086
- https://news.ycombinator.com/item?id=39828424
- https://pwning.tech/nftables/
- https://launchpad.net/bugs/cve/CVE-2024-1086
- https://exchange.xforce.ibmcloud.com/vulnerabilities/281122
- https://www.ibm.com/support/pages/node/7150684 (Advisory)
- https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-linux-privilege-elevation-flaw/
- http://www.openwall.com/lists/oss-security/2024/04/15/2
- http://www.openwall.com/lists/oss-security/2024/04/10/23
- http://www.openwall.com/lists/oss-security/2024/04/10/22
- http://www.openwall.com/lists/oss-security/2024/04/14/1
- http://www.openwall.com/lists/oss-security/2024/04/17/5
- https://security.netapp.com/advisory/ntap-20240614-0009/
- https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660;
- https://nvd.nist.gov/vuln/detail/CVE-2024-1086
- https://my.f5.com/manage/s/article/K000139430
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1086
- https://security-tracker.debian.org/tracker/CVE-2024-1086
- https://ubuntu.com/security/CVE-2024-1086
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2262128
- https://access.redhat.com/errata/RHSA-2024:0930
- https://access.redhat.com/errata/RHSA-2024:1019
- https://access.redhat.com/errata/RHSA-2024:1018
- https://access.redhat.com/errata/RHSA-2024:1249
- https://access.redhat.com/errata/RHSA-2024:1332
- https://access.redhat.com/errata/RHSA-2024:1404
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2269217
- https://access.redhat.com/errata/RHSA-2024:1607
- https://access.redhat.com/errata/RHSA-2024:1614
- https://access.redhat.com/security/cve/CVE-2024-1086
- https://access.redhat.com/errata/RHSA-2024:2394
- https://access.redhat.com/errata/RHSA-2024:2697
- https://access.redhat.com/errata/RHSA-2024:3319
- https://access.redhat.com/errata/RHSA-2024:3318
- https://access.redhat.com/errata/RHSA-2024:3427
- https://access.redhat.com/errata/RHSA-2024:3414
- https://access.redhat.com/errata/RHSA-2024:3421
- https://access.redhat.com/errata/RHSA-2024:3530
- https://access.redhat.com/errata/RHSA-2024:3528
- https://access.redhat.com/errata/RHSA-2024:3529
- https://access.redhat.com/errata/RHSA-2024:3805
- https://access.redhat.com/errata/RHSA-2024:4075
- https://access.redhat.com/errata/RHSA-2024:4074
- https://access.redhat.com/errata/RHSA-2024:4073
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2262126#c55
- https://pokerogue.io
- https://bugzilla.redhat.com/show_bug.cgi?id=2262126
- https://git.kernel.org/linus/f342de4e2f33e0e39165d8639387aa6c19dff660
- https://www.theregister.com/2024/11/11/infosec_in_brief/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- agent/type
- collector/chrome-releases
- agent/author
- agent/first-publish-date
- agent/title
- collector/the-register
- source/The Register
- alias/CVE-2024-1086
- agent/news-ai
- agent/weakness
- collector/oss-sec
- source/oss-sec
- collector/launchpad-cve
- source/Launchpad
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/severity
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2024-24919
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/remedy
- collector/f5-advisory
- source/F5
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- agent/last-modified-date
- agent/references
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- alias/CVE-2024-8956
- alias/CVE-2024-8957
- vendor/ibm
- canonical/ibm qradar siem
- version/ibm qradar siem/7.5 - 7.5.0 up8 if01
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/3.15
- version/linux linux kernel/6.1
- version/linux linux kernel/6.2
- version/linux linux kernel/6.7
- version/linux linux kernel/6.8-rc1
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/39
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/7.0
- canonical/redhat enterprise linux for ibm z systems
- version/redhat enterprise linux for ibm z systems/7.0_s390x
- canonical/redhat enterprise linux for power big endian
- version/redhat enterprise linux for power big endian/7.0_ppc64
- canonical/redhat enterprise linux for power little endian
- version/redhat enterprise linux for power little endian/7.0_ppc64le
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/7.0
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/7.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- vendor/netapp
- canonical/netapp a250 firmware
- canonical/netapp a250
- canonical/netapp 500f firmware
- canonical/netapp 500f
- canonical/netapp c250 firmware
- canonical/netapp c250
- canonical/linux kernel
- vendor/f5
- canonical/f5 f5os-a
- version/f5 f5os-a/1.7.0
- version/f5 f5os-a/1.5.0
- version/f5 f5os-a/1.5.2
- canonical/f5 f5os-c
- version/f5 f5os-c/1.6.0
- version/f5 f5os-c/1.6.2
- version/f5 f5os-c/1.5.0
- version/f5 f5os-c/1.5.1
- package-manager/redhat
- package-manager/debian