<!doctype html>
< html lang = "en" class = "no-js" >
< head >
< meta charset = "utf-8" >
< meta name = "viewport" content = "width=device-width,initial-scale=1" >
< meta name = "description" content = "The wiki for the Rocky Linux Security Special Interest Group" >
< link rel = "canonical" href = "https://sig-security.rocky.page/issues/CVE-2024-1086/" >
< link rel = "prev" href = "../CVE-2023-4911/" >
< link rel = "next" href = "../CVE-2024-2961/" >
< link rel = "icon" href = "../../assets/images/favicon.png" >
< meta name = "generator" content = "mkdocs-1.6.1, mkdocs-material-9.5.42" >
< title > CVE-2024-1086: kernel - SIG/Security Wiki< / title >
< link rel = "stylesheet" href = "../../assets/stylesheets/main.0253249f.min.css" >
< link rel = "stylesheet" href = "../../assets/stylesheets/palette.06af60db.min.css" >
< link rel = "preconnect" href = "https://fonts.gstatic.com" crossorigin >
< link rel = "stylesheet" href = "https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback" >
< style > : root { --md-text-font : "Roboto" ; --md-code-font : "Roboto Mono" } < / style >
<script>
  // Bootstrap helpers for the theme. Each name is assigned without a
  // declaration, so it becomes a global, exactly as in the one-line original.

  // Site root, resolved relative to this page's location.
  __md_scope = new URL("../..", location);

  // String hash: folds every character into an accumulator as
  // (acc << 5) - acc + char code, starting from 0.
  __md_hash = (text) =>
    [...text].reduce((acc, ch) => (acc << 5) - acc + ch.charCodeAt(0), 0);

  // Read a JSON value stored under "<scope pathname>.<name>".
  // The stored text can be written by any script running on this origin, so
  // callers should treat the parsed result as untrusted input.
  __md_get = (name, storage = localStorage, scope = __md_scope) =>
    JSON.parse(storage.getItem(scope.pathname + "." + name));

  // Write a value as JSON under the same key scheme. Errors from setItem are
  // swallowed on purpose (best effort); presumably this covers storage that
  // is full or unavailable.
  __md_set = (name, value, storage = localStorage, scope = __md_scope) => {
    try {
      storage.setItem(scope.pathname + "." + name, JSON.stringify(value));
    } catch (err) {}
  };
</script>
< / head >
< body dir = "ltr" data-md-color-scheme = "default" data-md-color-primary = "teal" data-md-color-accent = "teal" >
< input class = "md-toggle" data-md-toggle = "drawer" type = "checkbox" id = "__drawer" autocomplete = "off" >
< input class = "md-toggle" data-md-toggle = "search" type = "checkbox" id = "__search" autocomplete = "off" >
< label class = "md-overlay" for = "__drawer" > < / label >
< div data-md-component = "skip" >
< a href = "#cve-2024-1086-kernel" class = "md-skip" >
Skip to content
< / a >
< / div >
< div data-md-component = "announce" >
< / div >
< header class = "md-header md-header--shadow" data-md-component = "header" >
< nav class = "md-header__inner md-grid" aria-label = "Header" >
< a href = "../.." title = "SIG/Security Wiki" class = "md-header__button md-logo" aria-label = "SIG/Security Wiki" data-md-component = "logo" >
< img src = "../../assets/icon-white.svg" alt = "logo" >
< / a >
< label class = "md-header__button md-icon" for = "__drawer" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z" / > < / svg >
< / label >
< div class = "md-header__title" data-md-component = "header-title" >
< div class = "md-header__ellipsis" >
< div class = "md-header__topic" >
< span class = "md-ellipsis" >
SIG/Security Wiki
< / span >
< / div >
< div class = "md-header__topic" data-md-component = "header-topic" >
< span class = "md-ellipsis" >
CVE-2024-1086: kernel
< / span >
< / div >
< / div >
< / div >
< form class = "md-header__option" data-md-component = "palette" >
< input class = "md-option" data-md-color-media = "(prefers-color-scheme: light)" data-md-color-scheme = "default" data-md-color-primary = "teal" data-md-color-accent = "teal" aria-label = "Switch to dark mode" type = "radio" name = "__palette" id = "__palette_0" >
< label class = "md-header__button md-icon" title = "Switch to dark mode" for = "__palette_1" hidden >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "m17.75 4.09-2.53 1.94.91 3.06-2.63-1.81-2.63 1.81.91-3.06-2.53-1.94L12.44 4l1.06-3 1.06 3zm3.5 6.91-1.64 1.25.59 1.98-1.7-1.17-1.7 1.17.59-1.98L15.75 11l2.06-.05L18.5 9l.69 1.95zm-2.28 4.95c.83-.08 1.72 1.1 1.19 1.85-.32.45-.66.87-1.08 1.27C15.17 23 8.84 23 4.94 19.07c-3.91-3.9-3.91-10.24 0-14.14.4-.4.82-.76 1.27-1.08.75-.53 1.93.36 1.85 1.19-.27 2.86.69 5.83 2.89 8.02a9.96 9.96 0 0 0 8.02 2.89m-1.64 2.02a12.08 12.08 0 0 1-7.8-3.47c-2.17-2.19-3.33-5-3.49-7.82-2.81 3.14-2.7 7.96.31 10.98 3.02 3.01 7.84 3.12 10.98.31" / > < / svg >
< / label >
< input class = "md-option" data-md-color-media = "(prefers-color-scheme: dark)" data-md-color-scheme = "slate" data-md-color-primary = "teal" data-md-color-accent = "teal" aria-label = "Switch to light mode" type = "radio" name = "__palette" id = "__palette_1" >
< label class = "md-header__button md-icon" title = "Switch to light mode" for = "__palette_0" hidden >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M12 7a5 5 0 0 1 5 5 5 5 0 0 1-5 5 5 5 0 0 1-5-5 5 5 0 0 1 5-5m0 2a3 3 0 0 0-3 3 3 3 0 0 0 3 3 3 3 0 0 0 3-3 3 3 0 0 0-3-3m0-7 2.39 3.42C13.65 5.15 12.84 5 12 5s-1.65.15-2.39.42zM3.34 7l4.16-.35A7.2 7.2 0 0 0 5.94 8.5c-.44.74-.69 1.5-.83 2.29zm.02 10 1.76-3.77a7.131 7.131 0 0 0 2.38 4.14zM20.65 7l-1.77 3.79a7.02 7.02 0 0 0-2.38-4.15zm-.01 10-4.14.36c.59-.51 1.12-1.14 1.54-1.86.42-.73.69-1.5.83-2.29zM12 22l-2.41-3.44c.74.27 1.55.44 2.41.44.82 0 1.63-.17 2.37-.44z" / > < / svg >
< / label >
< / form >
<script>
  // Re-apply the colour palette saved under "__palette" to <body> as
  // data-md-color-* attributes. The top-level vars keep their original names
  // because they are visible as globals.
  var palette = __md_get("__palette");
  if (palette && palette.color) {
    // A stored media value of "(prefers-color-scheme)" is resolved against the
    // current light/dark preference by copying the matching palette input.
    if ("(prefers-color-scheme)" === palette.color.media) {
      var media = matchMedia("(prefers-color-scheme: light)");
      var input;
      if (media.matches) {
        input = document.querySelector("[data-md-color-media='(prefers-color-scheme: light)']");
      } else {
        input = document.querySelector("[data-md-color-media='(prefers-color-scheme: dark)']");
      }
      palette.color.media = input.getAttribute("data-md-color-media");
      palette.color.scheme = input.getAttribute("data-md-color-scheme");
      palette.color.primary = input.getAttribute("data-md-color-primary");
      palette.color.accent = input.getAttribute("data-md-color-accent");
    }
    // The values originate from localStorage; setAttribute stores them as
    // plain attribute text and never parses them as markup.
    for (var [key, value] of Object.entries(palette.color)) {
      document.body.setAttribute("data-md-color-" + key, value);
    }
  }
</script>
< label class = "md-header__button md-icon" for = "__search" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5" / > < / svg >
< / label >
< div class = "md-search" data-md-component = "search" role = "dialog" >
< label class = "md-search__overlay" for = "__search" > < / label >
< div class = "md-search__inner" role = "search" >
< form class = "md-search__form" name = "search" >
< input type = "text" class = "md-search__input" name = "query" aria-label = "Search" placeholder = "Search" autocapitalize = "off" autocorrect = "off" autocomplete = "off" spellcheck = "false" data-md-component = "search-query" required >
< label class = "md-search__icon md-icon" for = "__search" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5" / > < / svg >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z" / > < / svg >
< / label >
< nav class = "md-search__options" aria-label = "Search" >
< button type = "reset" class = "md-search__icon md-icon" title = "Clear" aria-label = "Clear" tabindex = "-1" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z" / > < / svg >
< / button >
< / nav >
< div class = "md-search__suggest" data-md-component = "search-suggest" > < / div >
< / form >
< div class = "md-search__output" >
< div class = "md-search__scrollwrap" tabindex = "0" data-md-scrollfix >
< div class = "md-search-result" data-md-component = "search-result" >
< div class = "md-search-result__meta" >
Initializing search
< / div >
< ol class = "md-search-result__list" role = "presentation" > < / ol >
< / div >
< / div >
< / div >
< / div >
< / div >
< div class = "md-header__source" >
< a href = "https://git.resf.org/security/wiki" title = "Go to repository" class = "md-source" data-md-component = "source" >
< div class = "md-source__icon md-icon" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 448 512" > <!-- ! Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc. --> < path d = "M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81" / > < / svg >
< / div >
< div class = "md-source__repository" >
security/wiki
< / div >
< / a >
< / div >
< / nav >
< / header >
< div class = "md-container" data-md-component = "container" >
< main class = "md-main" data-md-component = "main" >
< div class = "md-main__inner md-grid" >
< div class = "md-sidebar md-sidebar--primary" data-md-component = "sidebar" data-md-type = "navigation" >
< div class = "md-sidebar__scrollwrap" >
< div class = "md-sidebar__inner" >
< nav class = "md-nav md-nav--primary md-nav--integrated" aria-label = "Navigation" data-md-level = "0" >
< label class = "md-nav__title" for = "__drawer" >
< a href = "../.." title = "SIG/Security Wiki" class = "md-nav__button md-logo" aria-label = "SIG/Security Wiki" data-md-component = "logo" >
< img src = "../../assets/icon-white.svg" alt = "logo" >
< / a >
SIG/Security Wiki
< / label >
< div class = "md-nav__source" >
< a href = "https://git.resf.org/security/wiki" title = "Go to repository" class = "md-source" data-md-component = "source" >
< div class = "md-source__icon md-icon" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 448 512" > <!-- ! Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc. --> < path d = "M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81" / > < / svg >
< / div >
< div class = "md-source__repository" >
security/wiki
< / div >
< / a >
< / div >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "../.." class = "md-nav__link" >
< span class = "md-ellipsis" >
SIG/Security Wiki
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../news/" class = "md-nav__link" >
< span class = "md-ellipsis" >
News
< / span >
< / a >
< / li >
< li class = "md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested" >
< input class = "md-nav__toggle md-toggle " type = "checkbox" id = "__nav_3" checked >
< label class = "md-nav__link" for = "__nav_3" id = "__nav_3_label" tabindex = "" >
< span class = "md-ellipsis" >
Issues
< / span >
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< nav class = "md-nav" data-md-level = "1" aria-labelledby = "__nav_3_label" aria-expanded = "true" >
< label class = "md-nav__title" for = "__nav_3" >
< span class = "md-nav__icon md-icon" > < / span >
Issues
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "../CVE-2023-23583/" class = "md-nav__link" >
< span class = "md-ellipsis" >
CVE-2023-23583: microcode_ctl
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../CVE-2023-4911/" class = "md-nav__link" >
< span class = "md-ellipsis" >
CVE-2023-4911: glibc
< / span >
< / a >
< / li >
< li class = "md-nav__item md-nav__item--active" >
< input class = "md-nav__toggle md-toggle" type = "checkbox" id = "__toc" >
< label class = "md-nav__link md-nav__link--active" for = "__toc" >
< span class = "md-ellipsis" >
CVE-2024-1086: kernel
< / span >
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< a href = "./" class = "md-nav__link md-nav__link--active" >
< span class = "md-ellipsis" >
CVE-2024-1086: kernel
< / span >
< / a >
< nav class = "md-nav md-nav--secondary" aria-label = "Table of contents" >
< label class = "md-nav__title" for = "__toc" >
< span class = "md-nav__icon md-icon" > < / span >
Table of contents
< / label >
< ul class = "md-nav__list" data-md-component = "toc" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "#title" class = "md-nav__link" >
< span class = "md-ellipsis" >
Title
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "#summary" class = "md-nav__link" >
< span class = "md-ellipsis" >
Summary
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "#el9" class = "md-nav__link" >
< span class = "md-ellipsis" >
EL9
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "#el8" class = "md-nav__link" >
< span class = "md-ellipsis" >
EL8
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "#mitigation" class = "md-nav__link" >
< span class = "md-ellipsis" >
Mitigation
< / span >
< / a >
< / li >
< / ul >
< / nav >
< / li >
< li class = "md-nav__item" >
< a href = "../CVE-2024-2961/" class = "md-nav__link" >
< span class = "md-ellipsis" >
CVE-2024-2961: glibc
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../CVE-2024-6387/" class = "md-nav__link" >
< span class = "md-ellipsis" >
CVE-2024-6387: openssh
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../CVE-2024-6409/" class = "md-nav__link" >
< span class = "md-ellipsis" >
CVE-2024-6409: openssh
< / span >
< / a >
< / li >
< / ul >
< / nav >
< / li >
< li class = "md-nav__item md-nav__item--section md-nav__item--nested" >
< input class = "md-nav__toggle md-toggle md-toggle--indeterminate" type = "checkbox" id = "__nav_4" >
< label class = "md-nav__link" for = "__nav_4" id = "__nav_4_label" tabindex = "" >
< span class = "md-ellipsis" >
Packages
< / span >
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< nav class = "md-nav" data-md-level = "1" aria-labelledby = "__nav_4_label" aria-expanded = "false" >
< label class = "md-nav__title" for = "__nav_4" >
< span class = "md-nav__icon md-icon" > < / span >
Packages
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "../../packages/control/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Extra package: control
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../packages/glibc/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Override package: glibc
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../packages/hardened_malloc/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Extra package: hardened_malloc
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../packages/lkrg/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Extra package: lkrg
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../packages/microcode_ctl/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Override package: microcode_ctl
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../packages/openssh/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Override package: openssh
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../packages/passwdqc/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Extra package: passwdqc
< / span >
< / a >
< / li >
< / ul >
< / nav >
< / li >
< / ul >
< / nav >
< / div >
< / div >
< / div >
< div class = "md-content" data-md-component = "content" >
< article class = "md-content__inner md-typeset" >
< a href = "https://git.resf.org/security/wiki/_edit/main/docs/issues/CVE-2024-1086.md" title = "Edit this page" class = "md-content__button md-icon" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M10 20H6V4h7v5h5v3.1l2-2V8l-6-6H6c-1.1 0-2 .9-2 2v16c0 1.1.9 2 2 2h4zm10.2-7c.1 0 .3.1.4.2l1.3 1.3c.2.2.2.6 0 .8l-1 1-2.1-2.1 1-1c.1-.1.2-.2.4-.2m0 3.9L14.1 23H12v-2.1l6.1-6.1z" / > < / svg >
< / a >
< h1 id = "cve-2024-1086-kernel" > CVE-2024-1086: kernel< a class = "headerlink" href = "#cve-2024-1086-kernel" title = "Permanent link" > ¶ < / a > < / h1 >
< h2 id = "title" > Title< a class = "headerlink" href = "#title" title = "Permanent link" > ¶ < / a > < / h2 >
< p > CVE-2024-1086: kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function< / p >
< h2 id = "summary" > Summary< a class = "headerlink" href = "#summary" title = "Permanent link" > ¶ < / a > < / h2 >
< p > As < a href = "https://access.redhat.com/security/cve/CVE-2024-1086" > briefly described by Red Hat< / a > :< / p >
< p > A flaw was found in the Netfilter subsystem in the Linux kernel. This issue occurs in the < code > nft_verdict_init()< / code > function, allowing positive values as a drop error within the hook verdict, therefore, the < code > nf_hook_slow()< / code > function can cause a double-free vulnerability when < code > NF_DROP< / code > is issued with a drop error that resembles < code > NF_ACCEPT< / code > . The < code > nf_tables< / code > component can be exploited to achieve local privilege escalation.< / p >
< p > Exploitation of the flaw is < a href = "https://pwning.tech/nftables/" > described in great detail in a blog post by Notselwyn< / a > .< / p >
< p > Public disclosure date: March 26, 2024 for the above blog post, which made the issue widely known< / p >
< h2 id = "el9" > EL9< a class = "headerlink" href = "#el9" title = "Permanent link" > ¶ < / a > < / h2 >
< ul >
< li > Fixed in version: < code > kernel-5.14.0-427.16.1.el9_4< / code > available May 8, 2024< / li >
< / ul >
< h2 id = "el8" > EL8< a class = "headerlink" href = "#el8" title = "Permanent link" > ¶ < / a > < / h2 >
< ul >
< li > Fixed in version: < code > kernel-4.18.0-513.24.1.el8_9< / code > available April 5, 2024< / li >
< li > Errata: < a href = "https://errata.rockylinux.org/RLSA-2024:1607" > RLSA-2024:1607< / a > issued April 5, 2024< / li >
< / ul >
< h2 id = "mitigation" > Mitigation< a class = "headerlink" href = "#mitigation" title = "Permanent link" > ¶ < / a > < / h2 >
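< p > In addition to updating to a fixed kernel, we recommend two mitigations: restricting namespaces (user namespaces or, failing that, network namespaces) and installing LKRG.< / p >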
< ul >
< li > If you don't use containers, we recommend that you disable user namespaces, e.g. by running the commands below as root:< / li >
< / ul >
< div class = "highlight" > < pre > < span > < / span > < code > echo user.max_user_namespaces=0 > /etc/sysctl.d/userns.conf
sysctl -p /etc/sysctl.d/userns.conf
< / code > < / pre > < / div >
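< p > Disabling user namespaces is a mitigation also suggested by Red Hat.
It is sufficient to fully mitigate this vulnerability and other/future related vulnerabilities.
Writing the setting to a file under < code > /etc/sysctl.d< / code > keeps it in place across reboots; running < code > sysctl user.max_user_namespaces< / code > shows the value currently in effect.< / p >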
< ul >
< li >
< p > If you cannot disable user namespaces, you may nevertheless be able to < a href = "https://www.openwall.com/lists/oss-security/2024/04/14/1" > disable network namespaces< / a > , which is also sufficient to fully mitigate this and some other/future related vulnerabilities.< / p >
< / li >
< li >
< p > Install our < a href = "../../packages/lkrg/" > package of LKRG< / a > , then start and enable its service.< / p >
< / li >
< / ul >
< p > LKRG does not fully mitigate the vulnerability,
but it reliably prevents the specific exploit referenced above from working and produces LKRG alerts when the exploit is run.
The LKRG feature that does so is its allow list for the kernel's usermodehelper.
This will similarly prevent other/future exploits that abuse usermodehelper.
The remaining risks are Denial of Service (DoS), as even interrupted exploits may leave the system in an unstable state,
and a different exploit of the same vulnerability that bypasses LKRG.< / p >
< aside class = "md-source-file" >
< span class = "md-source-file__fact" >
< span class = "md-icon" title = "Last update" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M21 13.1c-.1 0-.3.1-.4.2l-1 1 2.1 2.1 1-1c.2-.2.2-.6 0-.8l-1.3-1.3c-.1-.1-.2-.2-.4-.2m-1.9 1.8-6.1 6V23h2.1l6.1-6.1zM12.5 7v5.2l4 2.4-1 1L11 13V7zM11 21.9c-5.1-.5-9-4.8-9-9.9C2 6.5 6.5 2 12 2c5.3 0 9.6 4.1 10 9.3-.3-.1-.6-.2-1-.2s-.7.1-1 .2C19.6 7.2 16.2 4 12 4c-4.4 0-8 3.6-8 8 0 4.1 3.1 7.5 7.1 7.9l-.1.2z" / > < / svg >
< / span >
< span class = "git-revision-date-localized-plugin git-revision-date-localized-plugin-date" > May 20, 2024< / span >
< / span >
< / aside >
< / article >
< / div >
<script>
  // Look up the element named by the URL fragment. If it exists and has a
  // name, set its checked state to whether that name starts with "__tabbed_".
  var target = document.getElementById(location.hash.slice(1));
  if (target && target.name) {
    target.checked = target.name.startsWith("__tabbed_");
  }
</script>
< / div >
< button type = "button" class = "md-top md-icon" data-md-component = "top" hidden >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8z" / > < / svg >
Back to top
< / button >
< / main >
< footer class = "md-footer" >
< div class = "md-footer-meta md-typeset" >
< div class = "md-footer-meta__inner md-grid" >
< div class = "md-copyright" >
< div class = "md-copyright__highlight" >
Copyright © 2023 Rocky Enterprise Software Foundation
< / div >
Made with
< a href = "https://squidfunk.github.io/mkdocs-material/" target = "_blank" rel = "noopener" >
Material for MkDocs
< / a >
< / div >
< / div >
< / div >
< / footer >
< / div >
< div class = "md-dialog" data-md-component = "dialog" >
< div class = "md-dialog__inner md-typeset" > < / div >
< / div >
< script id = "__config" type = "application/json" > { "base" : "../.." , "features" : [ "navigation.expand" , "navigation.indexes" , "navigation.instant" , "navigation.sections" , "navigation.top" , "navigation.tracking" , "navigation.path" , "search.highlight" , "search.suggest" , "toc.integrate" , "content.action.edit" ] , "search" : "../../assets/javascripts/workers/search.6ce7567c.min.js" , "translations" : { "clipboard.copied" : "Copied to clipboard" , "clipboard.copy" : "Copy to clipboard" , "search.result.more.one" : "1 more on this page" , "search.result.more.other" : "# more on this page" , "search.result.none" : "No matching documents" , "search.result.one" : "1 matching document" , "search.result.other" : "# matching documents" , "search.result.placeholder" : "Type to start searching" , "search.result.term.missing" : "Missing" , "select.version" : "Select version" } } < / script >
< script src = "../../assets/javascripts/bundle.83f73b43.min.js" > < / script >
< / body >
< / html >