Google Inc. https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html [No types assigned]

Google Inc. https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html [No types assigned]

Google Inc. https://security.netapp.com/advisory/ntap-20240614-0009/ [No types assigned]

OR
     *cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

OR
     *cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.15 up to (excluding) 6.1.76
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.15
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.7.3
     *cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*

OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.15 up to (excluding) 5.15.149
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1 up to (excluding) 6.1.76
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.15
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.7.3
     *cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*

http://www.openwall.com/lists/oss-security/2024/04/10/22 No Types Assigned

http://www.openwall.com/lists/oss-security/2024/04/10/22 Mailing List, Patch

http://www.openwall.com/lists/oss-security/2024/04/10/23 No Types Assigned

http://www.openwall.com/lists/oss-security/2024/04/10/23 Mailing List, Patch

http://www.openwall.com/lists/oss-security/2024/04/14/1 No Types Assigned

http://www.openwall.com/lists/oss-security/2024/04/14/1 Exploit, Mailing List

http://www.openwall.com/lists/oss-security/2024/04/15/2 No Types Assigned

http://www.openwall.com/lists/oss-security/2024/04/15/2 Mailing List

http://www.openwall.com/lists/oss-security/2024/04/17/5 No Types Assigned

http://www.openwall.com/lists/oss-security/2024/04/17/5 Exploit, Mailing List

https://github.com/Notselwyn/CVE-2024-1086 No Types Assigned

https://github.com/Notselwyn/CVE-2024-1086 Exploit, Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/ No Types Assigned

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/ Mailing List

https://news.ycombinator.com/item?id=39828424 No Types Assigned

https://news.ycombinator.com/item?id=39828424 Issue Tracking

https://pwning.tech/nftables/ No Types Assigned

https://pwning.tech/nftables/ Exploit, Technical Description, Third Party Advisory

2024-05-30

2024-06-20

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Linux Kernel Use-After-Free Vulnerability

Google Inc. http://www.openwall.com/lists/oss-security/2024/04/10/22 [No types assigned]

Google Inc. http://www.openwall.com/lists/oss-security/2024/04/10/23 [No types assigned]

Google Inc. http://www.openwall.com/lists/oss-security/2024/04/14/1 [No types assigned]

Google Inc. http://www.openwall.com/lists/oss-security/2024/04/15/2 [No types assigned]

Google Inc. http://www.openwall.com/lists/oss-security/2024/04/17/5 [No types assigned]

Google Inc. https://pwning.tech/nftables/ [No types assigned]

Google Inc. https://github.com/Notselwyn/CVE-2024-1086 [No types assigned]

Google Inc. https://news.ycombinator.com/item?id=39828424 [No types assigned]

Google Inc. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/ [No types assigned]

OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.15 up to (excluding) 6.1.76
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.15
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.7.3
     *cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*

NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

NIST CWE-416

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660 No Types Assigned

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660 Mailing List, Patch

https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660 No Types Assigned

https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660 Patch

Google Inc. AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Google Inc. CWE-416

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.

The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.

We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

Google Inc. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660 [No types assigned]

Google Inc. https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660 [No types assigned]