CVE-2024-0193

medium

Published 2024-03-12 · Modified 2026-05-15

CVSS v3

6.7

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2

—

VIR risk

6.7

Description

A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system.

Predictions

Exploit likelihood

66%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2024-0193

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RXSA-2024:1248

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2024-0193.html

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://bugzilla.redhat.com/show_bug.cgi?id=2255653

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://access.redhat.com/security/cve/CVE-2024-0193

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://access.redhat.com/errata/RHSA-2024:4415

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://access.redhat.com/errata/RHSA-2024:4412

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://access.redhat.com/errata/RHSA-2024:2094

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://access.redhat.com/errata/RHSA-2024:1019

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://access.redhat.com/errata/RHSA-2024:1018

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2024:1248

OS impact

OS	Version	Status	Fixed in
rhel	9	fixed
sles		affected
rocky	9	fixed
debian	bookworm	fixed	`6.1.69-1`
debian	bullseye	fixed	`5.10.205-1`
debian	forky	fixed	`6.6.11-1`
debian	sid	fixed	`6.6.11-1`
debian	trixie	fixed	`6.6.11-1`
linux-kernel		affected	`5.10.206`
rhel	9.0_aarch64	affected
rhel	9.4_aarch64	affected
rhel	9.6_aarch64	affected

Application impact

Vendor	Product	Versions
redhat	codeready_linux_builder_for_ibm_z_systems_eus	`9.2_s390x`
redhat	codeready_linux_builder_for_power_little_endian_eus	`9.2_ppc64le`
redhat	codeready_linux_builder_for_x86_64_eus	`9.2`
redhat	codeready_linux_builder_for_arm64	`9.0_aarch64`
redhat	codeready_linux_builder_for_arm64_eus	`9.4_aarch64`
redhat	codeready_linux_builder_for_arm64_eus	`9.6_aarch64`
redhat	codeready_linux_builder_for_ibm_z_systems	`9.0_s390x`
redhat	codeready_linux_builder_for_ibm_z_systems_eus	`9.4_s390x`
redhat	codeready_linux_builder_for_ibm_z_systems_eus	`9.6_s390x`
redhat	codeready_linux_builder_for_power_little_endian	`9.0_ppc64le`
redhat	codeready_linux_builder_for_power_little_endian_eus	`9.4_ppc64le`
redhat	codeready_linux_builder_for_power_little_endian_eus	`9.6_ppc64le`
redhat	codeready_linux_builder_for_x86_64_eus	`9.4`
redhat	codeready_linux_builder_for_x86_64_eus	`9.6`
redhat	logging_subsystem_for_red_hat_openshift	`5.0`
redhat	logging_subsystem_for_red_hat_openshift_for_arm_64	`5.0`
redhat	logging_subsystem_for_red_hat_openshift_for_ibm_power_little_endian	`5.0`
redhat	logging_subsystem_for_red_hat_openshift_for_ibm_z_and_linuxone	`5.0`

References

CWEs

CWE-416

Verify integrity in audit chain (admin only). AS-IS.