A new vulnerability in Linux that allows attackers to gain root privileges has been discovered by security researcher NOTSELWYN. The flaw affects Linux kernel versions 5.14 to 6.6.14.
The vulnerability, identified as CVE-2024-1086 (CVSS: 7.8), impacts several popular distributions, including Debian, Ubuntu, Red Hat, and Fedora. It is a memory corruption flaw (a double free) in the nf_tables part of the Linux kernel's Netfilter component, which can result in system crashes or the execution of arbitrary code. Linux kernel developers released a patch for the vulnerability at the end of January, and updates have been distributed to users since then.
NOTSELWYN security researcher published a detailed technical report about the vulnerability, stating that the exploit is successful in 99.4% of cases on kernel version 6.4.16. NOTSELWYN expressed excitement about the project, highlighting the thrill of gaining administrator rights using the discovered vulnerability.
The exploit takes advantage of the double free in the nft_verdict_init() function. The attack requires that the system allows unprivileged user namespaces access to nf_tables, which is the default setting in many distributions.
The exploit technique, named Dirty Pagedirectory, enables attackers to read and write all memory pages of the system, providing complete control over a vulnerable computer. The method relies on exploiting the double free to allocate the same kernel address for a Page Upper Directory (PUD) and a Page Middle Directory (PMD).
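As an added illustration (not from the researcher's report or this article), the following triage script checks the two conditions the article names: a running kernel in the affected range 5.14 to 6.6.14, and unprivileged user namespaces enabled. It assumes the standard /proc/sys sysctl paths; kernel.unprivileged_userns_clone is a Debian/Ubuntu-specific knob and is ignored where absent. Distribution kernels backport fixes, so a version match is a prompt to check the vendor advisory, not proof of exposure.

```shell
#!/bin/sh
# Constructed triage helper for CVE-2024-1086 (nf_tables double free).
# Not taken from the article or the original report.

# Split "X.Y.Z-suffix" into three numeric fields (missing fields become 0).
version_parts() {
    local v oldifs maj min pat
    v=${1%%-*}              # drop "-generic", "-amd64", "-rc1" suffixes
    v=${v%%+*}              # drop "+deb12"-style suffixes
    oldifs=$IFS; IFS=.
    set -- $v
    IFS=$oldifs
    maj=${1%%[!0-9]*}; min=${2%%[!0-9]*}; pat=${3%%[!0-9]*}
    echo "${maj:-0} ${min:-0} ${pat:-0}"
}

# True (exit 0) when the version lies in [5.14.0, 6.6.14], the range
# the article gives. Encoded as major*1000000 + minor*1000 + patch.
kernel_in_affected_range() {
    local num
    set -- $(version_parts "$1")
    num=$(( $1 * 1000000 + $2 * 1000 + $3 ))
    [ "$num" -ge 5014000 ] && [ "$num" -le 6006014 ]
}

# Prints "enabled" or "disabled" for unprivileged user namespaces, the
# precondition the exploit needs to reach nf_tables as a normal user.
# user.max_user_namespaces is generic; kernel.unprivileged_userns_clone
# exists only on Debian/Ubuntu kernels and is treated as 1 when absent.
unprivileged_userns_status() {
    local max_ns clone
    max_ns=$(cat /proc/sys/user/max_user_namespaces 2>/dev/null || echo 0)
    clone=$(cat /proc/sys/kernel/unprivileged_userns_clone 2>/dev/null || echo 1)
    if [ "$max_ns" -gt 0 ] && [ "$clone" -ne 0 ]; then
        echo enabled
    else
        echo disabled
    fi
}

main() {
    local running
    running=$(uname -r)
    if kernel_in_affected_range "$running"; then
        echo "kernel $running is within 5.14 - 6.6.14: check vendor advisory for the backported fix"
    else
        echo "kernel $running is outside the range reported as affected"
    fi
    echo "unprivileged user namespaces: $(unprivileged_userns_status)"
}

main "$@"
```

Run it on the host being assessed; a "within range" result together with "enabled" means both preconditions described above are present and the host should be patched or have unprivileged user namespaces restricted.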