CVE-2024-1086

Name: CVE-2024-1086
Creator: NVD / NIST
Published: 2024-01-31T13:15:10.827+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10Actively ExploitedEPSS 28.06%

Last modified Jun 17, 2026

CVE-2024-1086 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.. CISA has confirmed active exploitation in the wild. EPSS estimates a 28.06% chance of exploitation in the next 30 days.

Description

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

28.06%

97.9th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by Jun 20, 2024.

Weakness Enumeration

Affected Software

Vendor	Product	Versions	Update
Linux	Linux Kernel	>= 3.15, < 5.15.149	—
Linux	Linux Kernel	>= 6.1, < 6.1.76	—
Linux	Linux Kernel	>= 6.2, < 6.6.15	—
Linux	Linux Kernel	>= 6.7, < 6.7.3	—
Linux	Linux Kernel	6.8	Rc1
Fedoraproject	Fedora	39	—
Redhat	Enterprise Linux Desktop	7.0	—
Redhat	Enterprise Linux For Ibm Z Systems	7.0_s390x	—
Redhat	Enterprise Linux For Power Big Endian	7.0_ppc64	—
Redhat	Enterprise Linux For Power Little Endian	7.0_ppc64le	—
Redhat	Enterprise Linux Server	7.0	—
Redhat	Enterprise Linux Workstation	7.0	—
Debian	Debian Linux	10.0	—
Netapp	A250 Firmware	All versions	—
Netapp	500f Firmware	All versions	—
Netapp	C250 Firmware	All versions	—

References

http://www.openwall.com/lists/oss-security/2024/04/10/22Mailing List, Patch
http://www.openwall.com/lists/oss-security/2024/04/10/23Mailing List, Patch
http://www.openwall.com/lists/oss-security/2024/04/14/1Exploit, Mailing List
http://www.openwall.com/lists/oss-security/2024/04/15/2Mailing List
http://www.openwall.com/lists/oss-security/2024/04/17/5Exploit, Mailing List
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660Patch
https://github.com/Notselwyn/CVE-2024-1086Exploit, Third Party Advisory
https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.htmlMailing List
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.htmlMailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/Mailing List
https://news.ycombinator.com/item?id=39828424Issue Tracking
https://pwning.tech/nftables/Exploit, Technical Description, Third Party Advisory
https://security.netapp.com/advisory/ntap-20240614-0009/Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/04/10/22Mailing List, Patch
http://www.openwall.com/lists/oss-security/2024/04/10/23Mailing List, Patch
http://www.openwall.com/lists/oss-security/2024/04/14/1Exploit, Mailing List
http://www.openwall.com/lists/oss-security/2024/04/15/2Mailing List
http://www.openwall.com/lists/oss-security/2024/04/17/5Exploit, Mailing List
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660Patch
https://github.com/Notselwyn/CVE-2024-1086Exploit, Third Party Advisory
https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.htmlMailing List
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.htmlMailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/Mailing List
https://news.ycombinator.com/item?id=39828424Issue Tracking
https://pwning.tech/nftables/Exploit, Technical Description, Third Party Advisory
https://security.netapp.com/advisory/ntap-20240614-0009/Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1086US Government Resource

Timeline

Published: Jan 31, 2024
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2024-1086?

How severe is CVE-2024-1086?

CVE-2024-1086 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 28.06% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

How do I fix CVE-2024-1086?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-1086?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST