Linux kernel netfilter:nf_tables use-after-free privilege escalation (CVE-2024-1086)

Vulnerability
Happening score (H score): 28
1 unique source, 1 article

Summary

The Linux kernel netfilter:nf_tables use-after-free flaw CVE-2024-1086 is being exploited in ransomware attacks, putting affected Linux systems at risk of root-level compromise. The weakness was disclosed on January 31, 2024 and fixed by a January 2024 commit. A late-March PoC exploit showed local privilege escalation on Linux 5.14 to 6.6. CISA later added the flaw to the KEV catalog and ordered federal agencies to remediate it by June 20, 2024.

Related Happenings

CISA KEV remediation for Android and Linux vulnerabilities

Advisory/Mitigation
H score 57 · First: 03.06.2026 18:36 · Last: 03.06.2026 18:36 · Sources: 1

About this happening: CISA’s **KEV** update forced **federal agencies** to remediate **CVE-2025-48595** and **CVE-2022-0492** in **Android** and the **Linux kernel** before the **June 5** deadline, or...

Linux kernel CIFS subsystem CIFSwitch local privilege-escalation flaw

Vulnerability
H score 31 · First: 30.05.2026 17:16 · Last: 30.05.2026 17:16 · Sources: 1

About this happening: The **Linux kernel CIFS subsystem** has a disclosed **CIFSwitch** local privilege-escalation flaw that can let an **unprivileged local attacker** reach **root privileges** by abus...

Latest development: 01.06.2026 14:19

Major Linux distributions rolled out fixes for the CIFSwitch Linux kernel CIFS privilege-escalation flaw, and Manizada published PoC code to help defenders validate patches, mitigations, detections, and exposure. Linux Mint, CentOS, Rocky Linux, Kali Linux, AlmaLinux, and SLES SAP systems that ship cifs-utils by default are vulnerable, and some distros are vulnerable only if cifs-utils was manually installed.

Linux kernel Dirty Frag local root privilege-escalation flaw

Vulnerability
H score 20 · First: 08.05.2026 10:45 · Last: 08.05.2026 10:45 · Sources: 1

About this happening: **Dirty Frag** is a newly disclosed **Linux kernel** zero-day that can give **local attackers root privileges** on **most major Linux distributions**. The flaw is anchored in the...

Linux kernel Dirty Frag blocklist mitigation

Advisory/Mitigation
H score 53 · First: 08.05.2026 08:12 · Last: 08.05.2026 08:12 · Sources: 1

About this happening: **CloudLinx** and Linux distribution advisories now recommend blocklisting **esp4**, **esp6**, and **rxrpc** to reduce exposure to the **Dirty Frag** Linux kernel **LPE** while pa...

CISA KEV action for CVE-2026-31431 and FCEB remediation

Public Sector Action
H score 49 · First: 03.05.2026 09:26 · Last: 03.05.2026 09:26 · Sources: 1

About this happening: CISA added **CVE-2026-31431** to its **KEV catalog**, putting **Federal Civilian Executive Branch (FCEB)** agencies on notice to remediate an actively exploited Linux privilege-es...

Timeline

  1. 31.10.2025 15:05 2 articles · 7mo ago

    Initial report: Linux kernel netfilter:nf_tables use-after-free privilege escalation (CVE-2024-1086)

    Initial Disclosure

    By **January 31, 2024**, **CVE-2024-1086** was disclosed as a **use-after-free** in **Linux kernel netfilter:nf_tables** and fixed in a January commit. In late March, a **PoC exploit** showed local privilege escalation on **Linux 5.14 to 6.6**.