Linux Kernel Product Security Advisory

Jul 02 2024

Overview

An advisory has been issued for a vulnerability in the Linux Kernel Netfilter.

Affected Products

CVE-2024-0193

Linux Kernel Netfilter Versions: 6.5-rc6 (inclusive) ~ 6.7-rc8 (inclusive)

Resolved Vulnerabilities

CVE-2024-0193: A use-after-free flaw in the netfilter subsystem of the Linux Kernel allows local users with CAP_NET_ADMIN privileges to escalate system privileges (6.7MEDIUM, CVSS V3.1 Date Added: 2024.01.19)

exploit poc[1] and technical details[2] have been made publicly available.

vulnerability Mitigation

Action: Disable unprivileged username space

Referenced Sites

[1] https://github.com/google/security-research/blob/master/pocs/linux/kernelctf/CVE-2024-0193_cos/docs/exploit.md

[2] https://github.com/google/security-research/tree/master/pocs/linux/kernelctf/CVE-2024-0193_cos/exploit/cos-105-17412.226.52

[3] CVE-2024-0193 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-0193

Linux Kernel Product Security Advisory

Fortra Product Security Update Advisory (CVE-2024-5276)

Spotfire Family Security Update Advisory (CVE-2024-3330)

Tags:

Fortra Product Security Update Advisory (CVE-2024-5276)

Spotfire Family Security Update Advisory (CVE-2024-3330)