CVE-2024-1086 | Linux-kernel | LPE
| Vulnerability | CVE-2024-1086 |
|---|---|
| Type | local privilege escalation |
| Description | local privilege escalation vulnerability affecting most Linux kernels between v5.14 and v6.6. |
| The Impact of the Bug | The impact of the nf_tables double-free bug in the Linux kernel is significant, as it allows an attacker to exploit kernel-space memory corruption. This can lead to arbitrary code execution with elevated privileges, providing the attacker with control over the affected system.Root cause A use-after-free vulnerability in the Linux kernel’s netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. |
| How to detect if you have a vulnerable application to this attack vector? | To detect if you have a vulnerable application to the nf_tables double-free bug: 1. Check Kernel Version: Ensure your Linux kernel version is up-to-date. Vulnerable versions are typically older ones before the fix was applied. 2. Review System Logs: Look for unusual entries in system logs (/var/log/syslog or /var/log/messages) that may indicate exploitation attempts. 3. Kernel Exploit Detection Tools: Use tools like lynis, chkrootkit, or rkhunter to scan for known vulnerabilities and signs of exploitation. |
| References | https://github.com/NotSelwyn/CVE-2024-1086 https://pwning.tech/nftables |