PT-2024-1597 · Linux+10 · Linux Kernel+10
Notselwyn · Published 2024-01-24 · Updated 2026-05-29 · CVE-2024-1086
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
kernel versions prior to 6.1.77-alt1
kernel-uek, kernel-uek-debug, kernel-uek-debug-devel, kernel-uek-devel, kernel-uek-doc, kernel-uek-tools versions prior to 6.1.77-alt1
kernel versions 5.10.206 through 5.10.209 (Debian 10 buster)
kernel version 4.12.14-122 186
Description:
Multiple vulnerabilities have been discovered in various Linux kernel packages, including bpftool, kernel, kernel-abi-whitelists, kernel-debug, kernel-debug-devel, kernel-devel, kernel-doc, kernel-headers, kernel-tools, kernel-tools-libs, kernel-tools-libs-devel, perf, and python-perf. These vulnerabilities may lead to privilege escalation, denial of service, or information leaks. Specifically, a use-after-free vulnerability exists in the nf_tables component of kernel version 4.12.14-122 186, which could be exploited to achieve local privilege escalation.
Recommendations:
Update to kernel version 6.1.77-alt1 or later.
Update kernel-uek, kernel-uek-debug, kernel-uek-debug-devel, kernel-uek-devel, kernel-uek-doc, and kernel-uek-tools to version 6.1.77-alt1 or later.
For Debian 10 buster, update to kernel version 5.10.209-2~deb10u1 or later.
For kernel version 4.12.14-122 186, apply the available update to address the use-after-free vulnerability.
Exploit · Fix · LPE · DoS · Use After Free
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu