{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-0193","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","state":"PUBLISHED","assignerShortName":"redhat","dateReserved":"2024-01-02T10:58:11.805Z","datePublished":"2024-01-02T18:05:13.332Z","dateUpdated":"2026-03-04T06:58:13.138Z"},"containers":{"cna":{"title":"Kernel: netfilter: use-after-free in nft_trans_gc_catchall_sync leads to privilege escalation","metrics":[{"other":{"content":{"value":"Important","namespace":"https://access.redhat.com/security/updates/classification/"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"descriptions":[{"lang":"en","value":"A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system."}],"affected":[{"packageName":"kernel","collectionURL":"https://git.kernel.org/pub/scm/linux/kernel","defaultStatus":"affected"},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","defaultStatus":"affected","versions":[{"version":"0:5.14.0-362.24.1.el9_3","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:enterprise_linux:9::realtime","cpe:/a:redhat:enterprise_linux:9::crb","cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/a:redhat:enterprise_linux:9::nfv","cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","defaultStatus":"affected","versions":[{"version":"0:5.14.0-362.24.1.el9_3","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:enterprise_linux:9::realtime","cpe:/a:redhat:enterprise_linux:9::crb","cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/a:redhat:enterprise_linux:9::nfv","cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","defaultStatus":"affected","versions":[{"version":"0:5.14.0-70.105.1.el9_0","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhel_e4s:9.0::appstream","cpe:/o:redhat:rhel_e4s:9.0::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel-rt","defaultStatus":"affected","versions":[{"version":"0:5.14.0-70.105.1.rt21.177.el9_0","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhel_e4s:9.0::nfv","cpe:/a:redhat:rhel_e4s:9.0::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Extended Update Support","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","defaultStatus":"affected","versions":[{"version":"0:5.14.0-284.55.1.el9_2","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhel_eus:9.2::crb","cpe:/o:redhat:rhel_eus:9.2::baseos","cpe:/a:redhat:rhel_eus:9.2::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Extended Update Support","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel-rt","defaultStatus":"affected","versions":[{"version":"0:5.14.0-284.55.1.rt14.340.el9_2","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhel_eus:9.2::realtime","cpe:/a:redhat:rhel_eus:9.2::nfv"]},{"vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-logging/cluster-logging-operator-bundle","defaultStatus":"affected","versions":[{"version":"v5.8.6-22","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:logging:5.8::el9"]},{"vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-logging/cluster-logging-rhel9-operator","defaultStatus":"affected","versions":[{"version":"v5.8.6-11","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:logging:5.8::el9"]},{"vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-logging/elasticsearch6-rhel9","defaultStatus":"affected","versions":[{"version":"v6.8.1-407","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:logging:5.8::el9"]},{"vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-logging/elasticsearch-operator-bundle","defaultStatus":"affected","versions":[{"version":"v5.8.6-19","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:logging:5.8::el9"]},{"vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-logging/elasticsearch-proxy-rhel9","defaultStatus":"affected","versions":[{"version":"v1.0.0-479","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:logging:5.8::el9"]},{"vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-logging/elasticsearch-rhel9-operator","defaultStatus":"affected","versions":[{"version":"v5.8.6-7","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:logging:5.8::el9"]},{"vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-logging/eventrouter-rhel9","defaultStatus":"affected","versions":[{"version":"v0.4.0-247","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:logging:5.8::el9"]},{"vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-logging/fluentd-rhel9","defaultStatus":"affected","versions":[{"version":"v5.8.6-5","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:logging:5.8::el9"]},{"vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-logging/log-file-metric-exporter-rhel9","defaultStatus":"affected","versions":[{"version":"v1.1.0-227","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:logging:5.8::el9"]},{"vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-logging/logging-curator5-rhel9","defaultStatus":"affected","versions":[{"version":"v5.8.1-470","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:logging:5.8::el9"]},{"vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-logging/logging-loki-rhel9","defaultStatus":"affected","versions":[{"version":"v2.9.6-14","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:logging:5.8::el9"]},{"vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-logging/logging-view-plugin-rhel9","defaultStatus":"affected","versions":[{"version":"v5.8.6-2","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:logging:5.8::el9"]},{"vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-logging/loki-operator-bundle","defaultStatus":"affected","versions":[{"version":"v5.8.6-24","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:logging:5.8::el9"]},{"vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-logging/loki-rhel9-operator","defaultStatus":"affected","versions":[{"version":"v5.8.6-10","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:logging:5.8::el9"]},{"vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-logging/lokistack-gateway-rhel9","defaultStatus":"affected","versions":[{"version":"v0.1.0-525","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:logging:5.8::el9"]},{"vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-logging/opa-openshift-rhel9","defaultStatus":"affected","versions":[{"version":"v0.1.0-224","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:logging:5.8::el9"]},{"vendor":"Red Hat","product":"RHOL-5.8-RHEL-9","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-logging/vector-rhel9","defaultStatus":"affected","versions":[{"version":"v0.28.1-56","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:logging:5.8::el9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel-rt","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel-rt","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel-rt","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2024:1018","name":"RHSA-2024:1018","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2024:1019","name":"RHSA-2024:1019","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2024:1248","name":"RHSA-2024:1248","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2024:2094","name":"RHSA-2024:2094","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2024:4412","name":"RHSA-2024:4412","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2024:4415","name":"RHSA-2024:4415","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/security/cve/CVE-2024-0193","tags":["vdb-entry","x_refsource_REDHAT"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2255653","name":"RHBZ#2255653","tags":["issue-tracking","x_refsource_REDHAT"]}],"datePublic":"2024-01-02T00:00:00.000Z","problemTypes":[{"descriptions":[{"cweId":"CWE-416","description":"Use After Free","lang":"en","type":"CWE"}]}],"x_redhatCweChain":"CWE-416: Use After Free","workarounds":[{"lang":"en","value":"In order to trigger the issue, it requires the ability to create user/net namespaces.\n\nOn non-containerized deployments of Red Hat Enterprise Linux 8, you can disable user namespaces by setting user.max_user_namespaces to 0:\n\n# echo \"user.max_user_namespaces=0\" > /etc/sysctl.d/userns.conf\n# sysctl -p /etc/sysctl.d/userns.conf\n\nOn containerized deployments, such as Red Hat OpenShift Container Platform, do not use this mitigation as the functionality is needed to be enabled."}],"timeline":[{"lang":"en","time":"2023-12-22T00:00:00.000Z","value":"Reported to Red Hat."},{"lang":"en","time":"2024-01-02T00:00:00.000Z","value":"Made public."}],"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2026-03-04T06:58:13.138Z"},"x_generator":{"engine":"cvelib 1.8.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-02T13:17:27.203202Z","id":"CVE-2024-0193","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-02T13:17:46.436Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T17:41:16.221Z"},"title":"CVE Program Container","references":[{"url":"https://access.redhat.com/errata/RHSA-2024:1018","name":"RHSA-2024:1018","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"]},{"url":"https://access.redhat.com/errata/RHSA-2024:1019","name":"RHSA-2024:1019","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"]},{"url":"https://access.redhat.com/errata/RHSA-2024:1248","name":"RHSA-2024:1248","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"]},{"url":"https://access.redhat.com/errata/RHSA-2024:2094","name":"RHSA-2024:2094","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"]},{"url":"https://access.redhat.com/errata/RHSA-2024:4412","name":"RHSA-2024:4412","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"]},{"url":"https://access.redhat.com/errata/RHSA-2024:4415","name":"RHSA-2024:4415","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"]},{"url":"https://access.redhat.com/security/cve/CVE-2024-0193","tags":["vdb-entry","x_refsource_REDHAT","x_transferred"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2255653","name":"RHBZ#2255653","tags":["issue-tracking","x_refsource_REDHAT","x_transferred"]}]}]}}