Company of IT security experts: cybersecurity audits and consulting
French cybersecurity company since 2004


CVE-2024-1086

Description

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

POC

Reference

- https://github.com/Notselwyn/CVE-2024-1086

- https://news.ycombinator.com/item?id=39828424

- https://pwning.tech/nftables/

Github

- https://github.com/0pts/0pts-bitpixie

- https://github.com/0xMarcio/cve

- https://github.com/0xsyr0/OSCP

- https://github.com/AMatheusFeitosaM/OSCP-Cheat

- https://github.com/ARGOeu-Metrics/secmon-probes

- https://github.com/AdamDanielHarris/awesome-stars

- https://github.com/Alicey0719/docker-POC_CVE-2024-1086

- https://github.com/AlvaroCaroFdez/IS-3.c.02-ACF

- https://github.com/Andromeda254/cve

- https://github.com/Anomaly-8/ZPOZAS_lab2

- https://github.com/BachoSeven/stellestelline

- https://github.com/CCIEVoice2009/CVE-2024-1086

- https://github.com/CHDevSec/RedPhaton

- https://github.com/Disturbante/Linux-Pentest

- https://github.com/EGI-Federation/SVG-advisories

- https://github.com/EnriqueSanchezdelVillar/NotesHck

- https://github.com/Faizan-Khanx/OSCP

- https://github.com/FishAnonymous/CAShift-Record

- https://github.com/GhostTroops/TOP

- https://github.com/GonzaloPulido/UAC_Incidentes

- https://github.com/Hiimsonkul/Hiimsonkul

- https://github.com/HugoAPortela/Criando-Agente-Deteccao-Vulnerabilidades-Arquiteturas

- https://github.com/IAKAT/stars

- https://github.com/Jappie3/starred

- https://github.com/LLfam/CVE-2024-1086

- https://github.com/Maikefee/linux-exploit-hunter

- https://github.com/Mudoleto/URL_CODER

- https://github.com/Notselwyn/CVE-2024-1086

- https://github.com/Notselwyn/exploits

- https://github.com/Notselwyn/notselwyn

- https://github.com/PsychoH4x0r/Unknown1337-Auto-Root-

- https://github.com/PuddinCat/GithubRepoSpider

- https://github.com/ReflectedThanatos/OSCP-cheatsheet

- https://github.com/S3cur3Th1sSh1t/My-starred-Repositories

- https://github.com/SantoriuHen/NotesHck

- https://github.com/SenukDias/OSCP_cheat

- https://github.com/Snoopy-Sec/Localroot-ALL-CVE

- https://github.com/Steven19950530/CVE-Project

- https://github.com/Technetium1/stars

- https://github.com/TigerIsMyPet/KernelExploit

- https://github.com/VishuGahlyan/OSCP

- https://github.com/Willenst/primitive

- https://github.com/YgorAlberto/ygoralberto.github.io

- https://github.com/andigandhi/bitpixie

- https://github.com/aneasystone/github-trending

- https://github.com/aobakwewastaken/aobakwewastaken

- https://github.com/bfengj/Cloud-Security

- https://github.com/brimstone/stars

- https://github.com/bsauce/bsauce

- https://github.com/bsauce/kernel-exploit-factory

- https://github.com/bsauce/kernel-security-learning

- https://github.com/daphne97/daphne97

- https://github.com/exfilt/CheatSheet

- https://github.com/fazilbaig1/oscp

- https://github.com/feely666/CVE-2024-1086

- https://github.com/fireinrain/github-trending

- https://github.com/fkie-cad/nvd-json-data-feeds

- https://github.com/garatc/DeviceDecryption

- https://github.com/garatc/bitpixie

- https://github.com/giterlizzi/secdb-feeds

- https://github.com/iakat/stars

- https://github.com/inikhilgitd/Basic-Vulnerability-Scan-on-Your-PC

- https://github.com/jafshare/GithubTrending

- https://github.com/jetblk/Flipper-Zero-JavaScript

- https://github.com/jitmondal1/OSCP

- https://github.com/jmfgd/cve_details

- https://github.com/johe123qwe/github-trending

- https://github.com/karim4353/CVE-2024-1086-Exploit

- https://github.com/karim4353/karim4353

- https://github.com/kevcooper/CVE-2024-1086-checker

- https://github.com/lobo360/iptables-ubuntu

- https://github.com/lykorix/CVE-Research

- https://github.com/makoto56/penetration-suite-toolkit

- https://github.com/martanne/bitpixie

- https://github.com/matrixvk/CVE-2024-1086-aarch64

- https://github.com/nisadevi11/Localroot-ALL-CVE

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/phixion/phixion

- https://github.com/pl0xe/CVE-2024-1086

- https://github.com/seekerzz/MyRSSSync

- https://github.com/tanjiti/sec_profile

- https://github.com/trganda/starrlist

- https://github.com/uhub/awesome-c

- https://github.com/unresolv/stars

- https://github.com/wuhanstudio/awesome-stars

- https://github.com/xairy/linux-kernel-exploitation

- https://github.com/xzx482/CVE-2024-1086

- https://github.com/yigitcantunay35/les-moders

- https://github.com/zhanpengliu-tencent/medium-cve

- https://github.com/zulloper/cve-poc