CVE DATABASE  /  CVE-2024-1086

CVE-2024-1086

Linux Kernel Use-After-Free Vulnerability

Summary

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

CVSS 3.1 breakdown

Weakness type (CWE)

• CWE-416

Affected products

References

• http://www.openwall.com/lists/oss-security/2024/04/10/22
• http://www.openwall.com/lists/oss-security/2024/04/10/23
• http://www.openwall.com/lists/oss-security/2024/04/14/1
• http://www.openwall.com/lists/oss-security/2024/04/15/2
• http://www.openwall.com/lists/oss-security/2024/04/17/5
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660
• https://github.com/Notselwyn/CVE-2024-1086
• https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660
• https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
• https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/
• https://news.ycombinator.com/item?id=39828424
• https://pwning.tech/nftables/
• https://security.netapp.com/advisory/ntap-20240614-0009/
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1086

Data: NIST NVD + CISA KEV. NVD last modified 2025-10-27. Always verify against the vendor advisory before acting.