CVE-2024-0193

A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unpri...

high 7.8 CVSS 3.1
Published: Jan 2, 2024
Modified: Jun 5, 2026
Vendor: Redhat
Product: Codeready Linux Builder For Eus
Versions: 9.2,9.2_s390x,9.0,9.4,9.6,9.0_s390x,9.4_s390x,9.6_s390x,9.0_ppc64le,9.4_ppc64le

Description

A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system.

References

Related CVEs

CVE-2026-32589 high · 7.4
A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in prog
CVE-2026-32590 high · 7.1
A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered
CVE-2026-2377 medium · 6.5
A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the application's backen
CVE-2016-2183 high · 7.5
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which mak
CVE-2014-3566 low · 3.4
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain clear