The KernelCare team announces the release of live patches for CloudLinux 6h and CloudLinux 7, addressing CVE-2024-1086, a vulnerability in the Netfilter subsystem of the Linux kernel. Users are urged to apply the patches promptly to mitigate the risk of local privilege escalation.
The flaw, located in the nft_verdict_init() function, can cause a double free when NF_DROP is issued with a drop error that resembles NF_ACCEPT. This issue in the nf_tables component poses a significant security threat because publicly available proof-of-concept code makes it trivially exploitable by a local user.
While live patches are available for CloudLinux 6h and CloudLinux 7, users on other distributions should monitor the TuxCare CVE tracker for updates on patch availability. TuxCare emphasizes the importance of promptly applying patches to ensure system security.