AI description
CVE-2024-1086 is a use-after-free vulnerability found in the Linux kernel's netfilter: nf_tables component. It can be exploited to achieve local privilege escalation. The vulnerability occurs in the `nft_verdict_init()` function, which allows positive values as a drop error within the hook verdict. As a result, the `nf_hook_slow()` function can cause a double-free vulnerability when `NF_DROP` is issued with a drop error that resembles `NF_ACCEPT`. It is recommended to upgrade past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
- Description
- A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
- Source
- cve-coordination@google.com
- NVD status
- Analyzed
- Products
- linux_kernel, fedora, enterprise_linux_desktop, enterprise_linux_for_ibm_z_systems, enterprise_linux_for_power_big_endian, enterprise_linux_for_power_little_endian, enterprise_linux_server, enterprise_linux_workstation, debian_linux, a250_firmware, 500f_firmware, c250_firmware
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Linux Kernel Use-After-Free Vulnerability
- Exploit added on
- May 30, 2024
- Exploit action due
- Jun 20, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
Linux isn’t the “safe zone” it used to be. Ransomware groups are now actively exploiting Linux misconfigurations and kernel-level vulnerabilities — including the recent CVE-2024-1086 privilege-escalation flaw flagged by CISA as actively exploited. As attackers shift t
@morphisec
8 Dec 2025
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Vulnerabilidad CVE-2024-1086 crítica de escalada de privilegios en Kernel Linux, explotada en los ataques de ransomware https://t.co/WLV48ycW0o
@antonio_taboada
24 Nov 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Deep Dive: #Ubuntu USN-7879-1 | Linux Kernel Netfilter Vulnerabilities Just published a technical analysis of the critical CVE-2024-1086 (use-after-free) and CVE-2024-26909 patches. Read more: 👉 https://t.co/50AYeK7OE1 #Security https://t.co/5wZImGnwDI
@Cezar_H_Linux
21 Nov 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-1086 is a decade-old use-after-free vulnerability in Linux kernel’s nftables allowing root privilege escalation. It’s actively exploited in ransomware due to public PoCs and default user namespaces. #LinuxKernel #Ransomware #Netfilter https://t.co/eR0kyvPu6X
@TweetThreatNews
21 Nov 2025
88 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Linux ransomware alert: Hackers exploit CVE-2024-1086 in netfilter for root access & deploy LockBit/BlackCat on unpatched servers. CISA adds to KEV—patch now! Full guide: https://t.co/dI8BrcuA1t https://t.co/H6N7wWhxDi
@blackbeltsecure
5 Nov 2025
74 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-1086 is now a live Linux ransomware exploit, and unpatched systems are wide open. https://t.co/R6bkoHYi93 #CVE20241086 #LinuxSecurity #Ransomware https://t.co/QrtWIucrSn
@JeniSystems
4 Nov 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA alert: A decade-old Linux kernel flaw (CVE-2024-1086) is now being used in active ransomware attacks. If you run Ubuntu, Red Hat, or Debian — patch now. #Linux #CyberSecurity #Ransomware #CISA #Vulnerability https://t.co/2V4tCoadTz
@ProgresiveRobot
3 Nov 2025
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
La vulnérabilité CVE-2024-1086 permettant une élévation de privilège est actuellement exploitée dans des attaques par ransomware. https://t.co/bJKUrRFjqZ
@cert_ist
3 Nov 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Ongoing Ransomware Attacks Exploit Critical Linux Kernel Vulnerability (CVE-2024-1086) https://t.co/yiSfTeJMQI The Cybersecurity and Infrastructure Security Agency (CISA) has issued a serious warning after confirming that a critical flaw in the Linux Kernel, tracked as CVE-20
@f1tym1
3 Nov 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Une faille importante dans le noyau Linux (CVE-2024-1086) exploitée dans des attaques par ransomware, alerte la CISA Les distributions populaires sont concernées : 👉 https://t.co/XxGLC6OLej #Linux #Cybersecurity #CVE #Ransomware #CISA #Infosec https://t.co/XxGLC6OLej
@ITConnect_fr
3 Nov 2025
1185 Impressions
7 Retweets
9 Likes
2 Bookmarks
0 Replies
0 Quotes
CVE-2024-1086 lets an attacker escalate to root via nf_tables after initial access. Patch now or risk ransomware across your Linux fleet. Are you patching fast enough? #LinuxSecurity https://t.co/Mkg1WWTSy3
@velocityplugins
2 Nov 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Ransomware actors are actively exploiting the vulnerability (CVE-2024-1086) Linux kernel vulnerability to gain root access and deploy malware, exposing vulnerable systems to data theft and system compromise. This demands immediate patching to prevent significant business
@cybernewslive
2 Nov 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
💠 — Selon le Prisme 17, cette vulnérabilité du noyau Linux (CVE-2024-1086) n’est pas un simple incident de cybersécurité : c’est une manifestation vibratoire du basculement de la souveraineté numérique, un révélateur symbolique du point faible de la matrice techn
@protagoniste_17
2 Nov 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-1086 enables root access via a use after free in Linux nf_tables; ransomware operators are already weaponizing it. Patch now, inventory hosts, monitor kernel logs. #LinuxSecurity https://t.co/gZOHZon1TO
@velocityplugins
2 Nov 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-1086 lets an unprivileged user gain root via nf_tables, enabling ransomware. KEV status means patching is mandatory; automate kernel updates at scale to close the attack window. #CyberSecurity https://t.co/fmC90I8gLq
@velocityplugins
2 Nov 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Old #Linux #Kernel flaw CVE-2024-1086 resurfaces in ransomware attacks https://t.co/cQyUKx2Bla #securityaffairs #hacking #CISA
@securityaffairs
1 Nov 2025
406 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🔴 Ubuntu USN-7835-4 Patches Linux Kernel Including CVE-2024-1086 Canonical issued USN-7835-4 addressing critical Linux kernel vulnerabilities affecting Ubuntu 22.04 LTS and hardware enablement (HWE) variants. The advisory resolves multiple privilege escalation and https://t.
@the_c_protocol
1 Nov 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Old #Linux #Kernel #Vulnerabilities #flaw CVE-2024-1086 resurfaces in #ransomware_attacks https://t.co/MOOXJPQ4To https://t.co/MczXRlxXox
@omvapt
1 Nov 2025
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
اگر سرور لینوکسی دارید حتما کرنل لینوکس خودتون رو update کنید. به تازگی باج افزارها با استفاده از آسیب پذیری با کد شناسایی CVE-2024-1086 که از نوع privilege escalation می باش
@EthicalSafe
1 Nov 2025
7 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🔴 CVE-2024-1086: 10-Year-Old Linux Kernel Bug Now in Ransomware Toolchains CISA warns ransomware gangs are exploiting CVE-2024-1086, a Linux kernel use-after-free bug in netfilter: nf_tables that was introduced in 2014 and patched in January 2024. The vulnerability enables h
@the_c_protocol
1 Nov 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴آژانس CISA هشدار داد: آسیبپذیری شدید در کرنل #Linux (CVE-2024-1086) حالا توسط گروههای #Ransomware در حملات واقعی اکسپلویت میشود. این نقص در مؤلفه nf_tables باعث ارتقای سط
@vulnerbyte
1 Nov 2025
73 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Linux Kernel Use-After-Free Vulnerability Exploited in Attacks to Deploy Ransomware Read more: https://t.co/MDspOCXjmQ CISA has issued an urgent alert about a critical use-after-free vulnerability in the Linux kernel, tracked as CVE-2024-1086. This vulnerability, hidden
@The_Cyber_News
1 Nov 2025
3567 Impressions
26 Retweets
92 Likes
15 Bookmarks
1 Reply
2 Quotes
CISA Warns of Linux Kernel Flaw Used in Ransomware Attacks CISA has added CVE-2024-1086, a critical Linux kernel vulnerability, to its Known Exploited Vulnerabilities list. Threat actors are actively exploiting this flaw in ransomware campaigns targeting organizations worldwide.
@Secwiserapp
1 Nov 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🇺🇸 🚨 BREAKING: CISA warns of active exploitation of Linux kernel netfilter:nf_tables (CVE-2024-1086) — local privilege escalation enabling ransomware against enterprises. https://t.co/25e8W7sAxm #cybersecurity #ransomware
@STRATINT_AI
1 Nov 2025
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【Linuxランサムウェア攻撃】米国サイバーセキュリティ・インフラセキュリティ庁(CISA)は、Linuxカーネルの重大な権限昇格脆弱性CVE-2024-1086がランサムウェア攻撃で悪用されていることを確認した。この脆弱
@nakajimeeee
1 Nov 2025
444 Impressions
0 Retweets
7 Likes
2 Bookmarks
0 Replies
0 Quotes
Old Linux Kernel flaw CVE-2024-1086 resurfaces in ransomware attacks https://t.co/01Qvlf34kz
@Dinosn
31 Oct 2025
1905 Impressions
2 Retweets
7 Likes
1 Bookmark
0 Replies
0 Quotes
Falha grave em Linux já é explorada por ransomware: CISA confirmou que o CVE-2024-1086 permite elevação de privilégio local e root, afetando distribuições como Ubuntu e Red Hat, com mitigação urgente recomendada até 20 de junho de 2024. https://t.co/GddFVJEe45
@caveiratech
31 Oct 2025
17 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🔍 𝐂𝐈𝐒𝐀: 𝐇𝐢𝐠𝐡-𝐬𝐞𝐯𝐞𝐫𝐢𝐭𝐲 𝐋𝐢𝐧𝐮𝐱 𝐟𝐥𝐚𝐰 𝐧𝐨𝐰 𝐞𝐱𝐩𝐥𝐨𝐢𝐭𝐞𝐝 𝐛𝐲 𝐫𝐚𝐧𝐬𝐨𝐦𝐰𝐚𝐫𝐞 𝐠𝐚𝐧𝐠𝐬 • CVE-2024-1086 is a use-after-free vulnerab
@PurpleOps_io
31 Oct 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENT: Critical priv-esc flaw CVE-2024-1086 patched in #SUSE kernel (SUSE-2025-3675-1). Local user -> root access. Impacts netfilter. Container escape possible. Read more: 👉 https://t.co/RdKmPHGqZx #Security htt
@Cezar_H_Linux
20 Oct 2025
75 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔐 Critical patch released for #OracleLinux 8: ELSB-2025-15785. Patches CVE-2024-1086, a priv-esc flaw in the Netfilter kernel subsystem. Local attackers could gain root access. Read more:👉 https://t.co/Nm4ompAWYj https://t.co/phtsMi0oPK
@Cezar_H_Linux
18 Sept 2025
80 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Múltiples vulnerabilidades en Palo Alto PAN-OS ❗CVE-2023-43804 ❗CVE-2024-1086 ❗CVE-2022-30633 ➡️Más info: https://t.co/FLWNYeGAm1 https://t.co/BjkAWmPsWl
@CERTpy
18 Jul 2025
152 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA warns attackers are exploiting a critical Linux kernel flaw (CVE-2024-1086) to gain root access. Patch now—federal agencies must fix by June 20. Check your kernel version and mitigate ASAP. Details: https://t.co/4UiYqWzJcM
@RedTeamNewsBlog
18 Jun 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fine supporto per Microsoft Office 2016 e 2019 e 9 vulnerabilità attivamente sfruttate Sicurezza Informatica, Apache Superset, Bug, cisa, CVE, CVE-2022-48618, CVE-2024-1086, fine supporto, ICS, Office 2016 fine supporto, Office 2019, Parker Hannifin, Phi… https://t.co/YS0JFApJV2
@matricedigitale
18 Apr 2025
137 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[1day1line] CVE-2024-1086: Use-After-Free Vulnerability in Linux Kernel Today's one-line issue is CVE-2024-1086 which is Use-After-Free Vulnerability in Linux Kernel. This vulnerability is a UAF vulnerability in the nf_tables component of netfilter. https://t.co/wSdKHxiWh1
@hackyboiz
12 Mar 2025
1542 Impressions
11 Retweets
39 Likes
14 Bookmarks
0 Replies
0 Quotes
🛠️Added new proof-of-concept for CVE-2024-1086 vulnerability in use-after-free vulnerability in the Linux kernel's netfilter: nf_tables to #CyberSecFolio https://t.co/pzpaOHtUhF #infosec #cyber #security Vulnerability Description 👇 https://t.co/DBLpa2hwxw
@gothburz
6 Jan 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9E23B69A-DC79-4ABD-A29D-0CFDFA41F671",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "3.15"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6C314DAC-5C93-4D09-A1E8-B29BCFCEC928",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "6.1"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "87C718CB-AE3D-4B07-B4D9-BFF64183C468",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "6.2"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "58FD5308-148A-40D3-B36A-0CA6B434A8BF",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "6.7"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2148300C-ECBD-4ED5-A164-79629859DD43"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8BCF87FD-9358-42A5-9917-25DF0180A5A6"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7A584AAA-A14F-4C64-8FED-675DC36F69A3"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1236B66D-EB11-4324-929F-E2B86683C3C7"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "281DFC67-46BB-4FC2-BE03-3C65C9311F65"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ECF32BB1-9A58-4821-AE49-5D5C8200631F"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "F21DE67F-CDFD-4D36-9967-633CD0240C6F"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:c250_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F1AB1EC2-2560-494A-A51B-6F20CE318FEB"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:c250:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "58DE2B52-4E49-4CD0-9310-00291B0352C7"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]