Linux Kernel Use-After-Free Vulnerability (CVE-2024-1086)
Linux kernel contains a use-after-free vulnerability in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation.
A local attacker, with a low-privilege account, can achieve full data confidentiality loss, arbitrary modification of data, complete denial of service or system unavailability. CISA has confirmed use of this vulnerability in known ransomware campaigns — treat as high priority for remediation. Federal agencies are required to remediate by 2024-06-20 under CISA BOD 22-01.
This is a Use After Free (CWE-416) vulnerability in Linux Kernel. A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660. Exploitation requires local access, low attack complexity, a low-privilege authenticated account, and no user interaction required.
Probably yes if any of these apply:
Used in known ransomware campaigns. Threat-research write-up: http://www.openwall.com/lists/oss-security/2024/04/14/1
Get the fix
Apply the fixed package from your vendor. The advisory lists affected versions and the exact fixed build.
↗ Red Hat advisoryManual remediation steps
No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.
References
Related vulnerabilities
KB5000871: Windows Server 2016 / 2019 Security Update (May 2026)
Microsoft Exchange Server
CVE-2021-26855
MEDIUM6.5Microsoft Defender for Identity Improper Authentication — Spoofing (CVE-2025-26685)
Microsoft Defender for Identity
CVE-2025-26685
HIGHIIS Security Updates Require Both Windows Update and Manual Configuration Review
Microsoft IIS