{"id":"CVE-2024-1086","details":"A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nThe nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.\n\nWe recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.","modified":"2026-03-13T07:51:09.921760Z","published":"2024-01-31T13:15:10.827Z","related":["ALSA-2024:1607","ALSA-2024:2394","SUSE-SU-2024:0463-1","SUSE-SU-2024:0468-1","SUSE-SU-2024:0469-1","SUSE-SU-2024:0474-1","SUSE-SU-2024:0476-1","SUSE-SU-2024:0478-1","SUSE-SU-2024:0483-1","SUSE-SU-2024:0484-1","SUSE-SU-2024:0514-1","SUSE-SU-2024:0515-1","SUSE-SU-2024:0516-1","SUSE-SU-2024:1358-1","SUSE-SU-2024:1359-1","SUSE-SU-2024:1364-1","SUSE-SU-2024:1373-1","SUSE-SU-2024:1380-1","SUSE-SU-2024:1382-1","SUSE-SU-2024:1386-1","SUSE-SU-2024:1388-1","SUSE-SU-2024:1390-1","SUSE-SU-2024:1400-1","SUSE-SU-2024:1401-1","SUSE-SU-2024:1405-1","SUSE-SU-2024:1406-1","SUSE-SU-2024:1410-1","SUSE-SU-2024:1418-1","SUSE-SU-2024:1493-1","SUSE-SU-2024:1505-1","SUSE-SU-2024:1506-1","SUSE-SU-2024:1537-1","SUSE-SU-2024:1545-1","SUSE-SU-2024:1551-1","SUSE-SU-2024:1554-1","SUSE-SU-2024:1558-1","SUSE-SU-2024:1562-1","SUSE-SU-2024:1580-1","SUSE-SU-2024:1581-1","SUSE-SU-2024:1582-1","SUSE-SU-2024:1596-1","USN-6707-2"],"references":[{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1086"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240614-0009/"},{"type":"REPORT","url":"https://news.ycombinator.com/item?id=39828424"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2024/04/10/23"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2024/04/10/22"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660"},{"type":"FIX","url":"https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2024/04/15/2"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"},{"type":"ARTICLE","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/"},{"type":"EVIDENCE","url":"https://pwning.tech/nftables/"},{"type":"EVIDENCE","url":"http://www.openwall.com/lists/oss-security/2024/04/14/1"},{"type":"EVIDENCE","url":"http://www.openwall.com/lists/oss-security/2024/04/17/5"},{"type":"EVIDENCE","url":"https://github.com/Notselwyn/CVE-2024-1086"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"3.15"},{"fixed":"5.15.149"}]},{"events":[{"introduced":"6.1"},{"fixed":"6.1.76"}]},{"events":[{"introduced":"6.2"},{"fixed":"6.6.15"}]},{"events":[{"introduced":"6.7"},{"fixed":"6.7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"6.8-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"39"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0_s390x"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0_ppc64"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0_ppc64le"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-1086.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}