CVE-2024-0193: 
Linux Kernel vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2024-0193) was discovered in the netfilter subsystem of the Linux kernel. The vulnerability was disclosed on January 2, 2024, affecting Linux kernel systems. The issue occurs when the catchall element is garbage-collected during pipapo set removal, leading to double deactivation of the element (NVD, Red Hat).

The vulnerability is a use-after-free issue that occurs in the nft_trans_gc_catchall_sync function within the netfilter subsystem. When the catchall element is garbage-collected during pipapo set removal, the element can be deactivated twice, resulting in a use-after-free condition affecting either an NFT_CHAIN object or NFT_OBJECT object. The vulnerability has been assigned a CVSS v3.1 base score of 6.7 (Medium) by NIST and 7.8 (High) by Red Hat (NVD).

This vulnerability allows a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system. The issue specifically affects the netfilter subsystem, which is a core component of Linux networking, making it a significant security concern for system administrators (NVD).

The vulnerability has been patched in various Linux distributions. Red Hat has released security updates for RHEL 9.x versions through multiple security advisories (RHSA-2024:1018, RHSA-2024:1019, RHSA-2024:1248, RHSA-2024:4412, RHSA-2024:4415). The fix is also available in the upstream Linux kernel (Red Hat Bugzilla).