CVE-2024-1085: 
Linux Kernel vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2024-1085) was discovered in the Linux kernel's netfilter: nf_tables component. The vulnerability was reported by Lonial Con and affects Linux kernel versions from 5.13 up to versions before 6.7.2. The issue was disclosed on January 31, 2024, and stems from improper handling of element deactivation in the netfilter subsystem (NVD, Ubuntu).

The vulnerability exists in the nftsetelemcatchall_deactivate() function, which incorrectly checks whether the catch-all set element is active in the current generation instead of the next generation before freeing it. The function only flags it inactive in the next generation, making it possible to free the element multiple times, leading to a double free vulnerability. The issue has been assigned a CVSS v3.1 base score of 7.8 (High) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

This vulnerability can be exploited to achieve local privilege escalation. A local attacker could potentially cause a denial of service through system crashes or execute arbitrary code with elevated privileges (Ubuntu).

The primary mitigation is to upgrade to kernel versions containing the fix (commit b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7). As a temporary workaround, administrators can disable the ability for unprivileged users to create namespaces by setting kernel.unprivilegedusernsclone=0 (Ubuntu).