What is CVE-2024-0193?

A high-severity use-after-free vulnerability in the Linux kernel's netfilter subsystem could allow local unprivileged users to escalate privileges. Immediate patching is recommended to mitigate risks associated with this vulnerability.

What is the severity of CVE-2024-0193?

CVE-2024-0193 has a severity rating of HIGH with a CVSS base score of 7.8.

CVE-2024-0193 | High Vulnerability in Red Hat Enterprise Linux

A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system.

The vulnerability has a CVSS score of 7.8, indicating a high severity level. This is critical as it allows unauthorized privilege escalation, which can lead to significant risks within affected systems.

Organizations using affected versions of the Linux kernel or Red Hat Enterprise Linux should prioritize patching immediately to mitigate this vulnerability. The risk to organizations includes potential unauthorized access and control over system resources.

Currently, there are no known public exploits for this vulnerability, but the potential for exploitation exists, given its nature and the capabilities required.

Vulnerability Details

CVE-2024-0193 describes a use-after-free vulnerability in the netfilter subsystem of the Linux kernel. The issue arises when the catchall element gets garbage-collected while the pipapo set is removed, allowing the element to deactivate twice.

The CVSS score, as reported by Red Hat, is 7.8, indicating a high severity level. The vulnerability impacts confidentiality, integrity, and availability, all of which are rated as high. The affected products include the Linux kernel and Red Hat Enterprise Linux version 9.0.

Technical Analysis

Root cause analysis indicates that the flaw is due to improper memory management in the netfilter subsystem, leading to a use-after-free condition. The attack vector for this vulnerability is local, meaning an attacker must have access to the system. The attack complexity is low, and the privileges required are also low, which further heightens the risk.

User interaction is not required for exploitation. The confidentiality, integrity, and availability impacts are all classified as high, indicating a severe risk to affected systems.

Risk & Impact Analysis

The real-world deployment risk for this vulnerability is significant. Organizations that have not applied the necessary patches may face exploitation attempts, leading to unauthorized access and control over critical systems.

The potential blast radius is extensive, as the vulnerability affects local users with administrative capabilities. Given the high severity of the CVSS score and the nature of the vulnerability, organizations should evaluate their exposure and prioritize remediation efforts.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The following versions are affected by this vulnerability: Linux kernel and Red Hat Enterprise Linux 9.0. Organizations should ensure they are running patched versions to mitigate risks.

Mitigation & Remediation

Organizations should prioritize patching immediately. Relevant updates can be found in the Red Hat errata, including patch information. If patches are not yet available, consider implementing configuration hardening and monitoring to detect potential exploitation attempts.

Detection Guidance

To detect potential exploitation attempts, organizations should monitor logs for unusual behavior and access patterns that may indicate privilege escalation attempts. Additionally, behavioral anomalies related to the netfilter subsystem should be tracked.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2024-0193 lies in its illustration of the ongoing challenges in memory management within the Linux kernel. Security teams should consider this vulnerability as a case study to improve coding practices and enhance their security posture.

For further learning, organizations can explore our penetration testing methodology and consider implementing a comprehensive vulnerability management program to proactively address similar security issues in the future.

Organizations are encouraged to stay informed about emerging vulnerabilities to maintain a robust security posture.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2024-0193: High Vulnerability in Red Hat Enterprise Linux