Linux Kernel Vulnerability Update

On June 1st, TapTechNews reported that the US Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) catalog today and requires federal agencies to patch the Linux kernel privilege escalation vulnerability tracked as CVE-2024-1086 by June 20, 2024.

CVE-2024-1086 is a high-risk use-after-free vulnerability in the netfilter: nf_tables component that was first disclosed on January 31, 2024. The vulnerable code was introduced by a commit in February 2014.

Netfilter is a framework provided by the Linux kernel that supports various network-related operations such as packet filtering, Network Address Translation (NAT), and packet mangling.

The vulnerability arises because the function 'nft_verdict_init()' allows positive values to be used as the drop error within the hook verdict. As a result, the function 'nf_hook_slow()' can perform a double free when NF_DROP is issued with a drop error that resembles NF_ACCEPT.

Hackers can exploit CVE-2024-1086 to escalate privileges on a local device and obtain up to root-level access.

Multiple stable Linux kernel versions have now been patched, and TapTechNews lists the relevant versions below:

v5.4.269 and higher versions

v5.10.210 and higher versions

v6.6.15 and higher versions

v4.19.307 and higher versions

v6.1.76 and higher versions

v5.15.149 and higher versions

v6.7.3 and higher versions
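
The following is an added example, not part of the original report: a Python check that compares a `uname -r` style release string against the fixed stable releases listed above. The function names and the sample release strings are constructed for illustration.

```python
import platform
import re

# Minimum fixed stable release per branch, as listed in the article above.
FIXED = {
    (4, 19): 307,
    (5, 4): 269,
    (5, 10): 210,
    (5, 15): 149,
    (6, 1): 76,
    (6, 6): 15,
    (6, 7): 3,
}

_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_release(release):
    """Return (major, minor, patch) from a `uname -r` style string."""
    m = _RELEASE_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def check_release(release):
    """Classify a release against the article's list.

    'fixed'      - same branch, at or above the listed release
    'below-fix'  - same branch, older than the listed release
    'not-listed' - branch absent from the list; the list cannot decide
    """
    major, minor, patch = parse_release(release)
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "not-listed"
    return "fixed" if patch >= fixed_patch else "below-fix"


if __name__ == "__main__":
    running = platform.release()  # assumes a Linux host
    print(running, "->", check_release(running))
    # Constructed sample strings, not taken from real hosts.
    for sample in ("6.1.76", "6.1.75-cloud-amd64", "5.15.0-101-generic", "6.8.2"):
        print(sample, "->", check_release(sample))
```

Distribution kernels often backport fixes without changing the upstream version number (the constructed `5.15.0-101-generic` string is that style), so a `below-fix` or `not-listed` result should be confirmed against the vendor's advisory for CVE-2024-1086.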

In March this year, the cybersecurity expert Notselwyn published a post on GitHub demonstrating how this vulnerability can be used to achieve local privilege escalation on Linux kernel versions 5.14 to 6.6.
