KernelCare Live Patches for CVE-2024-1086 in AlmaLinux 8 & 9


Update for KernelCare Live Patches for CVE-2024-1086 in AlmaLinux 8 & 9

by Joao Correia

April 5, 2024 - Technical Evangelist

Update April 8th, 2024: Updated ETA for AlmaLinux 8.

Update April 8th, 2024 – #2: Updated ETA for AlmaLinux 9.

Update April 9th, 2024: Live patches for both AlmaLinux 8 and AlmaLinux 9 are available.

The KernelCare team is working on deploying a live patch for CVE-2024-1086 for AlmaLinux 8 and AlmaLinux 9 users. As of April 3, the patches for CVE-2024-1086 are now available in production repos. Instructions for updating AlmaLinux 8 and AlmaLinux 9 can be found here.

More details on the status of the live patch availability below.

About the CVE

This vulnerability was identified in the Netfilter subsystem of the Linux kernel, in the nf_tables component. The flaw is in the nft_verdict_init() function, which allows positive values to be used as the drop error in a hook verdict. As a consequence, the nf_hook_slow() function can trigger a double free when NF_DROP is issued with a drop error that resembles NF_ACCEPT. Exploiting this issue could lead to local privilege escalation.

TuxCare strongly suggests patching as soon as possible, as this vulnerability has publicly available proof-of-concept code that makes it trivially exploitable for a local user on a vulnerable system.

Live Patch Status

Live patches for both AlmaLinux 8 and AlmaLinux 9 are available for deployment.

Note: As this vulnerability affects multiple versions across different distributions, you can follow the status of the release in the TuxCare CVE tracker here.
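To confirm on a given host that the loaded live patch covers this CVE, the following added example (not TuxCare's own code) parses the output of `kcarectl --patch-info`. The `kpatch-cve:` field layout, the function names and the sample text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check whether the loaded KernelCare live patch lists a CVE.
# Assumption: `kcarectl --patch-info` prints one "kpatch-cve:" line per entry.

CVE_ID="CVE-2024-1086"

# Read patch-info text on stdin. Succeeds only when a kpatch-cve field holds
# exactly the wanted id: a prefix such as "CVE-2024-108" does not match, and
# ids mentioned in other fields (for example the description) are ignored.
patch_info_has_cve() {
    want="$1"
    while IFS= read -r line; do
        case "$line" in
            kpatch-cve:*) ;;
            *) continue ;;
        esac
        # A field may carry several ids separated by commas or spaces.
        for id in $(printf '%s\n' "${line#kpatch-cve:}" | tr ',' ' '); do
            if [ "$id" = "$want" ]; then
                return 0
            fi
        done
    done
    return 1
}

# Query the running host: 0 = CVE listed, 1 = not listed, 2 = kcarectl missing.
check_live_patch() {
    command -v kcarectl >/dev/null 2>&1 || return 2
    kcarectl --patch-info 2>/dev/null | patch_info_has_cve "${1:-$CVE_ID}"
}

# Constructed sample in the assumed format (not captured from a real host);
# the CVE-0000-* ids are placeholders.
SAMPLE_PATCH_INFO='kpatch-name: example/placeholder-entry.patch
kpatch-description: constructed entry, mentions CVE-0000-0003 in free text
kpatch-cve: CVE-2024-1086
kpatch-cvss: N/A

kpatch-name: example/other-entry.patch
kpatch-cve: CVE-0000-0001, CVE-0000-0002'

if printf '%s\n' "$SAMPLE_PATCH_INFO" | patch_info_has_cve "$CVE_ID"; then
    echo "sample: $CVE_ID is listed in the loaded patch set"
fi
```

On a real system, call `check_live_patch` and treat any non-zero return as "not confirmed patched" in fleet reporting.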

 
