PoC Exploit Published for Linux Kernel Privilege Escalation Flaw (CVE-2024-0193)
A security researcher has released proof-of-concept (PoC) exploit code targeting a high-severity vulnerability (CVE-2024-0193) in the Linux kernel. This use-after-free flaw in the netfilter subsystem, scored 7.8 on the CVSS scale, can be exploited by local attackers to escalate privileges and execute arbitrary code, potentially causing a catastrophic kernel panic.
Netfilter is a core framework in the Linux kernel responsible for various networking operations, including packet filtering and network address translation (NAT). The discovery of CVE-2024-0193 reveals a critical weakness in this subsystem. An authenticated local attacker can trigger the flaw with a specially crafted request and gain elevated access without needing elevated privileges at the outset.
Red Hat’s security advisory, released on January 2, 2024, sheds light on the technical specifics of the threat. The vulnerability arises when the ‘catchall’ element undergoes garbage collection as the ‘pipapo’ set is removed. This scenario leads to the element being deactivated twice, triggering a use-after-free condition. The affected element could be an NFT_CHAIN object or an NFT_OBJECT object.
Local users with CAP_NET_ADMIN capability are particularly at risk, as they could exploit this flaw to escalate their privileges on the system. The implications are significant: unauthorized access, control over system processes, and potential system crashes are all possible outcomes.
The technical details and PoC exploit for CVE-2024-0193 have been made available on GitHub, enabling security professionals, and potentially malicious actors, to understand and exploit this vulnerability. This public release underscores the urgency for administrators to address the flaw.
System administrators are urged to apply the patches and updates released by their respective Linux distributions. Red Hat, Debian, SUSE, and Ubuntu have all provided advisories and patches to mitigate the risk. Keeping systems up to date is crucial in protecting against potential exploits.
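The advisory above limits the flaw to local users holding CAP_NET_ADMIN. On most distributions an otherwise unprivileged local user can obtain that capability inside an unprivileged user namespace, so until the distribution patch is installed the practical exposure of a host depends on two knobs: whether unprivileged user namespaces are enabled and whether nf_tables is reachable. The script below is an added example, not code from the article or from any of the named distributions; it assumes the sysctls user.max_user_namespaces (present on all recent kernels) and kernel.unprivileged_userns_clone (Debian/Ubuntu kernels only, reported as "absent" elsewhere), and the risk tiers it prints are a constructed triage heuristic, not a statement of whether the kernel is patched, since the page gives no fixed versions.

```shell
#!/bin/sh
# Exposure triage for CVE-2024-0193 (constructed example; not from the article).
# Assumption: unprivileged user namespaces are the usual way a local user reaches
# CAP_NET_ADMIN, so they are the first knob checked. The nf_tables check is weak
# evidence on its own: the module can be autoloaded on demand and may be built
# into the kernel, so "not loaded" only counts when paired with a modprobe
# blacklist or a kernel without CONFIG_NF_TABLES.

# classify_exposure MAX_USER_NS UNPRIV_USERNS_CLONE NF_TABLES_LOADED
#   MAX_USER_NS          value of user.max_user_namespaces ("0" disables them)
#   UNPRIV_USERNS_CLONE  value of kernel.unprivileged_userns_clone, or "absent"
#   NF_TABLES_LOADED     "yes" or "no": is nf_tables listed in /proc/modules
# Prints HIGH, MEDIUM or LOW on stdout.
classify_exposure() {
    max_ns=$1
    clone=$2
    nft=$3
    userns_open=yes
    # Either knob set to 0 closes the unprivileged-userns route to CAP_NET_ADMIN.
    if [ "$max_ns" = "0" ] || [ "$clone" = "0" ]; then
        userns_open=no
    fi
    if [ "$userns_open" = "no" ] && [ "$nft" = "no" ]; then
        echo LOW
    elif [ "$userns_open" = "no" ] || [ "$nft" = "no" ]; then
        echo MEDIUM
    else
        echo HIGH
    fi
}

# Read the live values from /proc; each falls back to a marker string when the
# file does not exist on this kernel.
read_live_values() {
    max_ns=$(cat /proc/sys/user/max_user_namespaces 2>/dev/null || echo unknown)
    clone=$(cat /proc/sys/kernel/unprivileged_userns_clone 2>/dev/null || echo absent)
    if grep -q '^nf_tables ' /proc/modules 2>/dev/null; then
        nft=yes
    else
        nft=no
    fi
    echo "$max_ns $clone $nft"
}

# The live check only runs when invoked with --live, so the file can be sourced
# (for example by a test harness) without touching the system.
if [ "${1:-}" = "--live" ]; then
    set -- $(read_live_values)
    printf 'user.max_user_namespaces=%s unprivileged_userns_clone=%s nf_tables_loaded=%s -> exposure %s\n' \
        "$1" "$2" "$3" "$(classify_exposure "$1" "$2" "$3")"
fi
```

Run it as `sh check-cve-2024-0193.sh --live` on each host; a HIGH result means both the capability route and the vulnerable subsystem are available to any local account, which is the case the patch advisories above are addressing. Treat the tier as prioritisation input only: the authoritative answer is whether the distribution's fixed kernel package is installed and booted.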