admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-1086.md
marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00

52 lines
2.4 KiB
Markdown
Raw Blame History

### [CVE-2024-1086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1086)
![](https://img.shields.io/static/v1?label=Product&message=Kernel&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=3.15%3C%206.8%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%20Use%20After%20Free&color=brighgreen)
### Description
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
### POC
#### Reference
- https://github.com/Notselwyn/CVE-2024-1086
- https://news.ycombinator.com/item?id=39828424
- https://pwning.tech/nftables/
#### Github
- https://github.com/Alicey0719/docker-POC_CVE-2024-1086
- https://github.com/BachoSeven/stellestelline
- https://github.com/CCIEVoice2009/CVE-2024-1086
- https://github.com/EGI-Federation/SVG-advisories
- https://github.com/GhostTroops/TOP
- https://github.com/Hiimsonkul/Hiimsonkul
- https://github.com/Notselwyn/CVE-2024-1086
- https://github.com/Notselwyn/exploits
- https://github.com/Notselwyn/notselwyn
- https://github.com/Snoopy-Sec/Localroot-ALL-CVE
- https://github.com/YgorAlberto/ygoralberto.github.io
- https://github.com/aneasystone/github-trending
- https://github.com/aobakwewastaken/aobakwewastaken
- https://github.com/bfengj/Cloud-Security
- https://github.com/brimstone/stars
- https://github.com/bsauce/kernel-exploit-factory
- https://github.com/bsauce/kernel-security-learning
- https://github.com/daphne97/daphne97
- https://github.com/fireinrain/github-trending
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/giterlizzi/secdb-feeds
- https://github.com/iakat/stars
- https://github.com/jafshare/GithubTrending
- https://github.com/johe123qwe/github-trending
- https://github.com/makoto56/penetration-suite-toolkit
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/phixion/phixion
- https://github.com/seekerzz/MyRSSSync
- https://github.com/tanjiti/sec_profile
- https://github.com/uhub/awesome-c
- https://github.com/unresolv/stars
- https://github.com/wuhanstudio/awesome-stars
- https://github.com/xairy/linux-kernel-exploitation
Reference in New Issue View Git Blame Copy Permalink