PT-2024-7739 · Linux+5 · Linux Kernel+5

Published

2024-02-19

·

Updated

2025-08-05

·

CVE-2024-26809

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.28
Description A critical security flaw has been discovered in the Linux kernel's nftables subsystem, which is responsible for packet filtering in modern Linux distributions. The vulnerability is related to a double-free issue in the netfilter component, specifically in the nft set pipapo function. This flaw can be exploited to achieve a local privilege escalation, allowing an attacker to gain root access. A Proof-of-Concept (PoC) exploit has been released, demonstrating the vulnerability's severity.
Recommendations To resolve the issue, update the Linux kernel to version 6.6.28 or later. This update includes the necessary fixes to address the double-free vulnerability in the nftables subsystem. Ensure that all affected systems are updated as soon as possible to prevent potential exploitation.

Exploit

Fix

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-404

Related Identifiers

BDU:2024-09207
CVE-2024-26809
DLA-3842-1
DSA-5658-1
DSA-5681-1
MGASA-2024-0141
MGASA-2024-0142
OESA-2024-1622
OESA-2024-1647
OESA-2024-1648
OESA-2024-1649
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3383-1
SUSE-SU-2025:02601-1
SUSE-SU-2025:02632-1
SUSE-SU-2025:02691-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-6816-1
USN-6817-1
USN-6817-2
USN-6817-3
USN-6820-1
USN-6820-2
USN-6821-1
USN-6821-2
USN-6821-3
USN-6821-4
USN-6828-1
USN-6871-1
USN-6872-1
USN-6872-2
USN-6873-1
USN-6873-2
USN-6874-1
USN-6878-1
USN-6892-1
USN-6900-1
USN-6919-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu