Network Exploitation of CVE-2024-1086 related to Linux Kernel Detected (AL02/240531/CSIRT-ITA)

Summary

Active exploitation of the CVE-2024-1086 vulnerability – already fixed by the vendor – affecting the nf_tables component of the Linux kernel has been detected online. This vulnerability could allow a remote malicious user to elevate their privileges on target devices.

Note: a Proof of Concept (PoC) for the exploitation of the vulnerability is available online

Risk

Estimate of the impact of the vulnerability on the reference community: SERIOUS/RED (76.66/100)¹.

Type

• Privilege Escalation

Description

The exploitation of the CVE-2024-1086 vulnerability – already fixed by the vendor, of the “Use-After-Free” type and with a CVSS 3.x score of 7.8 – present in the nf_tables component of the Linux kernel, a subsystem used for managing network traffic filtering rules, has recently been detected.

This vulnerability could allow the disclosure of sensitive information and potentially allow abusive access to VPN services on systems that require the use of a password only as an authentication method, especially for local accounts.

Affected products and versions

Linux kernel, from version 3.15 to 6.8-rc1 (excluding patched stable versions)

Mitigation Actions

If not already done, it is recommended to promptly update vulnerable products to the latest available version.

Unique Vulnerability Identifiers

CVE-2024-1086

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660

https://bugzilla.redhat.com/show_bug.cgi?id=2262126

¹This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.