Unrated severityCISA KEVNVD Advisory· Published Jan 31, 2024· Updated Oct 21, 2025

Use-after-free in Linux kernel's netfilter: nf_tables component

CVE-2024-1086

Description

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.

The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.

We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

Affected products

Linux/Kernelv5
Range: 3.15

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/mitrepatch
www.openwall.com/lists/oss-security/2024/04/10/22mitre
www.openwall.com/lists/oss-security/2024/04/10/23mitre
www.openwall.com/lists/oss-security/2024/04/14/1mitre
www.openwall.com/lists/oss-security/2024/04/15/2mitre
www.openwall.com/lists/oss-security/2024/04/17/5mitre
kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660mitre
lists.debian.org/debian-lts-announce/2024/06/msg00016.htmlmitre
lists.debian.org/debian-lts-announce/2024/06/msg00020.htmlmitre
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/mitre
news.ycombinator.com/itemmitre
pwning.tech/nftables/mitre
security.netapp.com/advisory/ntap-20240614-0009/mitre

News mentions

Fragnesia (CVE-2026-46300): Frequently asked questions about new Linux Kernel XFRM ESP-in-TCP privilege escalation
Tenable Blog · May 14, 2026

cvss	0.000
epss	0.068
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.060