# Use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component
## Overview
A use-after-free vulnerability exists in the Linux kernel's `netfilter: nf_tables` component. An attacker can exploit it to achieve local privilege escalation.
## Affected versions
Updating to a version that includes commit `f342de4e2f33e0e39165d8639387aa6c19dff660` or later is recommended.
## Details
The `nft_verdict_init()` function allows positive values to be used as the drop error in a hook verdict. As a result, `nf_hook_slow()` can cause a double free when NF_DROP is issued with a drop error that resembles NF_ACCEPT.
## Impact
This vulnerability allows a local attacker to exploit the use-after-free to escalate privileges.
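To make the mechanism in the details above concrete, the following is an added example (not code from this page, the Linux kernel, or any of the PoC repositories listed below). It uses the real verdict-encoding constants and macros from the kernel's `include/uapi/linux/netfilter.h`, and pairs them with two simplified models written for this example: `verdict_accepted_before_fix()` mirrors the old `nft_verdict_init()` check that only inspected the low verdict bits, and `verdict_accepted_after_fix()` mirrors the stricter check introduced by commit `f342de4e2f33`, which requires the whole value to be a plain verdict (the real function also accepts nft-internal verdicts such as `NFT_CONTINUE` and `NFT_JUMP`, omitted here). `drop_verdict_return_value()` is likewise a model of what `nf_hook_slow()` hands back after an NF_DROP, not the kernel's own code, and the sample verdict values are constructed.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Verdict encoding, as defined in include/uapi/linux/netfilter.h */
#define NF_DROP            0
#define NF_ACCEPT          1
#define NF_QUEUE           3
#define NF_VERDICT_MASK    0x000000ff
#define NF_VERDICT_QBITS   16
/* Pack a negative errno into the upper bits of an NF_DROP verdict ... */
#define NF_DROP_ERR(x)     (((-(x)) << NF_VERDICT_QBITS) | NF_DROP)
/* ... and unpack it again. */
#define NF_DROP_GETERR(x)  (-((x) >> NF_VERDICT_QBITS))

/*
 * Model (not the kernel's code) of what nf_hook_slow() hands back to its
 * caller after an NF_DROP verdict. By this point the skb has already been
 * freed. Hook callers treat a return value > 0 as "continue with the packet",
 * i.e. like NF_ACCEPT, so a positive value here means the freed skb is used
 * again: that is the use-after-free / double free described on this page.
 */
int drop_verdict_return_value(int verdict)
{
	int ret = NF_DROP_GETERR(verdict);
	return ret == 0 ? -EPERM : ret;
}

/*
 * Pre-fix validation, modeled on nft_verdict_init() before commit
 * f342de4e2f33: only the low verdict bits are checked, so any upper bits,
 * including a value that decodes to a positive "errno", pass through.
 */
bool verdict_accepted_before_fix(int code)
{
	switch (code & NF_VERDICT_MASK) {
	case NF_ACCEPT:
	case NF_DROP:
	case NF_QUEUE:
		return true;
	default:
		return false;
	}
}

/*
 * Post-fix validation, modeled on the same function after the commit: the
 * whole value must be exactly a base verdict, so no error or queue bits
 * from user space reach nf_hook_slow().
 */
bool verdict_accepted_after_fix(int code)
{
	return code == NF_ACCEPT || code == NF_DROP || code == NF_QUEUE;
}

/* True when a drop verdict would make the caller continue with a freed skb. */
bool drop_verdict_is_unsafe(int code)
{
	return (code & NF_VERDICT_MASK) == NF_DROP &&
	       drop_verdict_return_value(code) > 0;
}

int main(void)
{
	/* Constructed sample verdicts: a plain drop, a kernel-style drop with
	 * -ENOMEM packed in, and a malformed drop whose upper bits decode to a
	 * positive number. */
	int samples[] = { NF_DROP, NF_DROP_ERR(-ENOMEM), (int)0xffff0000u };
	for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
		int v = samples[i];
		printf("verdict 0x%08x: before fix %s, after fix %s, nf_hook_slow returns %d%s\n",
		       (unsigned)v,
		       verdict_accepted_before_fix(v) ? "accepted" : "rejected",
		       verdict_accepted_after_fix(v) ? "accepted" : "rejected",
		       drop_verdict_return_value(v),
		       drop_verdict_is_unsafe(v) ? "  <-- handled like NF_ACCEPT on a freed skb" : "");
	}
	return 0;
}
```

The third sample is the interesting one: its low byte is NF_DROP, so the pre-fix check accepts it, but its upper bits decode to a positive value, so the modeled `nf_hook_slow()` returns a positive number that callers treat like NF_ACCEPT. The post-fix check rejects it outright, which is why updating past the referenced commit closes the issue.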
| # | POC description | Source link |
|---|---|---|
| 1 | Proof-of-concept exploit for CVE-2024-1086, working on most Linux kernels between (including) v5.14 and (including) v6.6, including (but not limited to) Debian, Ubuntu, and KernelCTF. | https://github.com/Notselwyn/CVE-2024-1086 |
| 2 | None | https://github.com/Alicey0719/docker-POC_CVE-2024-1086 |
| 3 | None | https://github.com/CCIEVoice2009/CVE-2024-1086 |
| 4 | None | https://github.com/rootkalilocalhost/CVE-2024-1086 |
| 5 | None | https://github.com/kevcooper/CVE-2024-1086-checker |
| 6 | None | https://github.com/feely666/CVE-2024-1086 |
| 7 | None | https://github.com/xzx482/CVE-2024-1086 |
| 8 | None | https://github.com/pl0xe/CVE-2024-1086 |
| 9 | None | https://github.com/matrixvk/CVE-2024-1086-aarch64 |
| 10 | None | https://github.com/LLfam/CVE-2024-1086 |
| 11 | Educational, non-functional Linux kernel exploit template for CVE-2024-1086 — lab-only security research and teaching (use in controlled VMs only). | https://github.com/karim4353/CVE-2024-1086-Exploit |