Security News CISA warns of actively exploited Linux privilege elevation flaw

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,364
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added two vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog, including a Linux kernel privilege elevation flaw.

The high-severity flaw tracked as CVE-2024-1086 was first disclosed on January 31, 2024, as a use-after-free problem in the netfilter: nf_tables component, but was first introduced by a commit in February 2014.

Netfilter is a framework provided by the Linux kernel that allows various networking-related operations, such as packet filtering, network address translation (NAT), and packet mangling.

The vulnerability is caused because the 'nft_verdict_init()' function allows positive values to be used as a drop error within the hook verdict, causing the 'nf_hook_slow()' function to execute a double free when NF_DROP is issued with a drop error that resembles NF_ACCEPT.

Exploitation of CVE-2024-1086 allows an attacker with local access to achieve privilege escalation on the target system, potentially gaining root-level access.

The issue was fixed via a commit submitted in January 2024, which rejects QUEUE/DROP verdict parameters, thus preventing exploitation.

The fix has been backported to multiple stable kernel versions as listed below:
  • v5.4.269 and later
  • v5.10.210 and later
  • v6.6.15 and later
  • v4.19.307 and later
  • v6.1.76 and later
  • v5.15.149 and later
  • v6.7.3 and later
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top