Linux Kernel Flaw CVE-2024-0193 Opens Root Access
A new threat has emerged, casting a shadow over the reliability of the Linux kernel. A recently disclosed security flaw, identified as CVE-2024-0193, poses a significant risk to systems relying on this widely used operating system. With a CVSS score of 7.8, this use-after-free flaw in the netfilter subsystem is a high-severity flaw, capable of being exploited by local adversaries to escalate privileges and execute arbitrary code, potentially leading to a catastrophic kernel panic.
Netfilter, a core framework within the Linux kernel, is the cornerstone of a plethora of networking operations, including packet filtering and network address translation. CVE-2024-0193 exploits a critical flaw in this subsystem. By sending a specially crafted request, an authenticated attacker, even one without elevated privileges, can leverage this weakness to gain higher access levels on the system.
Red Hat, in a security advisory released on January 2, 2024, illuminated the technical nuances of the threat. The vulnerability emerges when the ‘catchall’ element is garbage-collected as the ‘pipapo’ set is removed, leading to a perilous scenario where the element could be deactivated twice. This sequence of events triggers a use-after-free issue, impacting either an NFT_CHAIN object or an NFT_OBJECT object. The implications are dire: a local user with CAP_NET_ADMIN capability could exploit this to escalate their privileges on the system. Similar warnings have resonated from other tech giants, including Debian, SUSE, and Ubuntu, underlining the widespread concern.
In response to this looming threat, a kernel source code commit was proposed by engineer Pablo Neira Ayuso. This crucial update introduces the NFT_MSG_DELSET function, a safeguard designed to deactivate all elements in the set. It strategically skips the set->ops->commit() to avert the unnecessary cloning of the ‘pipapo’ case, as well as the synchronized garbage collection cycle. This latter move is pivotal, as it prevents the reactivation of expired elements in the set, thereby mitigating the risk of a double deactivation.
