Linux Kernel Security Update Advisory (CVE-2024-1086)

Overview

The Linux Foundation has released a security update to address a vulnerability in the Linux kernel. Users of affected products are advised to update to the latest version.

Affected Products

Linux Kernel

  • 3.15 (inclusive) to 6.1.76 (excluded)
  • 6.2 (inclusive) to 6.6.15 (excluded)
  • 6.7 (inclusive) to 6.7.3 (excluded)

Resolved Vulnerabilities

Use-after-free vulnerability in Linux Kernel with possible local privilege escalation (CVE-2024-1086) [1][2]

Vulnerability Action

Patches for the vulnerability have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest patched version.

Linux Kernel versions 6.1.76, 6.6.15, and 6.7.3

Additionally, if you are running an operating system that has released security updates, please refer to the Referenced Sites to perform security actions or updates.

– Debian [3]

– Ubuntu [4]

– Red Hat/CentOS [5]

– SUSE/openSUSE [6]
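
The affected ranges and fixed versions listed above can be checked against a host's `uname -r` string. The Python below is an added example, not part of the original advisory; its function names are hypothetical. It compares upstream version numbers only, so a distribution kernel with a backported fix can still be reported as affected and must be confirmed against the vendor trackers [3] to [6].

```python
import platform
import re

# Upstream ranges from this advisory: (first affected, first fixed).
# The start is inclusive and the fixed version is excluded.
AFFECTED_RANGES = [
    ((3, 15, 0), (6, 1, 76)),
    ((6, 2, 0), (6, 6, 15)),
    ((6, 7, 0), (6, 7, 3)),
]


def parse_release(release):
    """Turn a `uname -r` string such as '6.6.14-arch1-1' into (6, 6, 14)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    # A missing patch level (for example '6.7') is treated as .0
    return tuple(int(g) if g else 0 for g in m.groups())


def fixed_version(release):
    """Return the fixed version for the matching affected range, or None
    when the upstream version is outside every affected range."""
    version = parse_release(release)
    for start, fixed in AFFECTED_RANGES:
        if start <= version < fixed:
            return ".".join(map(str, fixed))
    return None


def is_affected(release):
    """True when the upstream version falls inside an affected range."""
    return fixed_version(release) is not None


if __name__ == "__main__":
    running = platform.release()  # same string as `uname -r`
    target = fixed_version(running)
    if target is None:
        print(f"{running}: outside the affected upstream ranges")
    else:
        print(f"{running}: in an affected upstream range, fixed in {target}; "
              "confirm against the vendor tracker if this is a distribution kernel")
```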

 

Referenced Sites

[1] netfilter: nf_tables: reject QUEUE/DROP verdict parameters

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660

[2] netfilter: nf_tables: reject QUEUE/DROP verdict parameters

https://kernel.dance/#f342de4e2f33e0e39165d8639387aa6c19dff660

[3] CVE-2024-1086

https://security-tracker.debian.org/tracker/CVE-2024-1086

[4] CVE-2024-1086

https://ubuntu.com/security/CVE-2024-1086

[5] CVE-2024-1086

https://access.redhat.com/security/cve/CVE-2024-1086

[6] CVE-2024-1086

https://www.suse.com/security/cve/CVE-2024-1086.html