
The CVE-2024-1086 vulnerability in the Linux kernel's netfilter framework originates in the 'nft_verdict_init()' function. This function allows positive values to be used as a drop error within the hook verdict, leading to a double free when the 'nf_hook_slow()' function is executed with a drop error that resembles NF_ACCEPT. An attacker with local access can exploit this issue to achieve privilege escalation on the target system.

The fix implemented in January 2024 to address the CVE-2024-1086 vulnerability involved rejecting QUEUE/DROP verdict parameters in the 'nft_verdict_init()' function. This prevented the exploitation of the use-after-free issue in the netfilter nf_tables component of the Linux kernel. By making this change, the fix stopped the 'nf_hook_slow()' function from executing a double free when NF_DROP was issued with a drop error resembling NF_ACCEPT. The fix has been backported to multiple stable kernel versions to ensure the security of various Linux distributions.
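The validation change the fix describes, as an added standalone model that is not part of the original page and not the kernel's own code: the vulnerable shape accepts any verdict code whose low byte is ACCEPT, DROP or QUEUE, so userspace can attach arbitrary parameter bits to an NF_DROP verdict (the bits the kernel otherwise uses to carry a queue number or a drop errno); the fixed shape accepts only the bare verdict codes and returns -EINVAL for anything else. The constant values mirror the uapi netfilter headers; the two function names, the sample codes and the helper that compares them are constructed for this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constants as in include/uapi/linux/netfilter.h and nf_tables.h. */
#define NF_DROP          0
#define NF_ACCEPT        1
#define NF_STOLEN        2
#define NF_QUEUE         3
#define NF_VERDICT_MASK  0x000000ff   /* low byte: the hook verdict itself;   */
                                      /* upper bits: queue number or errno    */
#define NFT_CONTINUE    (-1)
#define NFT_BREAK       (-2)
#define NFT_JUMP        (-3)
#define NFT_GOTO        (-4)
#define NFT_RETURN      (-5)

/* Simplified model (constructed, not kernel code) of the check that nft_verdict_init()
 * applied from 2014 until the January 2024 fix: after the nf_tables-internal verdicts
 * are handled, only the low byte of a hook verdict is inspected, so NF_DROP or
 * NF_QUEUE with caller-chosen parameter bits passes validation. */
static int verdict_init_vulnerable(uint32_t code)
{
	switch ((int32_t)code) {
	case NFT_CONTINUE: case NFT_BREAK: case NFT_RETURN:
	case NFT_JUMP: case NFT_GOTO:
		return 0;
	default:
		switch (code & NF_VERDICT_MASK) {
		case NF_ACCEPT: case NF_DROP: case NF_QUEUE:
			return 0;          /* parameter bits above the low byte are ignored */
		default:
			return -EINVAL;
		}
	}
}

/* Simplified model of the fixed check: the whole 32-bit code must equal one of the
 * bare verdicts, so QUEUE/DROP verdict parameters from userspace are rejected. */
static int verdict_init_fixed(uint32_t code)
{
	switch ((int32_t)code) {
	case NF_ACCEPT: case NF_DROP: case NF_QUEUE:
	case NFT_CONTINUE: case NFT_BREAK: case NFT_RETURN:
	case NFT_JUMP: case NFT_GOTO:
		return 0;
	default:
		return -EINVAL;
	}
}

/* Returns 1 when the two checks disagree on a code, i.e. when the old check
 * accepted a value that the fix rejects. */
static int fix_closes_gap(uint32_t code)
{
	return verdict_init_vulnerable(code) == 0 && verdict_init_fixed(code) != 0;
}

int main(void)
{
	/* Constructed sample codes: bare verdicts, nf_tables verdicts, and hook
	 * verdicts with parameter bits set above the low byte. */
	const uint32_t samples[] = {
		NF_DROP, NF_ACCEPT, NF_QUEUE, NF_STOLEN,
		(uint32_t)NFT_JUMP, (uint32_t)NFT_RETURN,
		NF_DROP  | (1u << 16),           /* DROP with a parameter in the upper bits */
		NF_QUEUE | (5u << 16),           /* QUEUE with queue number 5 */
		0x7,                             /* not a valid verdict at all */
	};
	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		uint32_t c = samples[i];
		printf("code 0x%08x: old=%d new=%d%s\n", c,
		       verdict_init_vulnerable(c), verdict_init_fixed(c),
		       fix_closes_gap(c) ? "  <- rejected only after the fix" : "");
	}
	return 0;
}
```

Only the two codes with parameter bits show a difference between the checks; bare verdicts and the nf_tables-internal verdicts are accepted by both, and an out-of-range value is rejected by both.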

The CVE-2024-1086 vulnerability was first introduced into the Linux kernel in February 2014, and it was first publicly disclosed on January 31, 2024. The vulnerability is a use-after-free problem in the netfilter nf_tables component, which allows an attacker with local access to achieve privilege escalation on the target system. The issue was fixed via a commit submitted in January 2024, and the fix has been backported to multiple stable kernel versions.