CVE-2024-1085

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-1085
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-1085.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-1085
Downstream
Related
Published
2024-01-31T12:14:32.429Z
Modified
2026-05-08T04:54:36.918585Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Use-after-free in Linux kernel's netfilter: nf_tables component
Details

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.

The nftsetelemcatchall_deactivate() function checks whether the catch-all set element is active in the current generation instead of the next generation before freeing it, but only flags it inactive in the next generation, making it possible to free the element multiple times, leading to a double free vulnerability.

We recommend upgrading past commit b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7.

Database specific 
{
    "cna_assigner": "Google",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/1xxx/CVE-2024-1085.json",
    "cwe_ids": [
        "CWE-416"
    ]
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Events
Introduced
62fb9874f5da54fdb243003b386128037319b219
Fixed
e8f897f4afef0031fe618a8e94127a0934896aba
Database specific 
{
    "extracted_events": [
        {
            "introduced": "5.13"
        },
        {
            "fixed": "6.8"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-1085.json"