Exploit for Use After Free in Linux Linux_Kernel CVE-2024-1086

Name: Exploit for Use After Free in Linux Linux_Kernel CVE-2024-1086
Rating: 5 (6 reviews)

2026-06-21 | CVSS 7.8

## https://sploitus.com/exploit?id=F9427710-4336-50DA-9AC4-7D23886787E5
# CVE-2024-1086 Root Cause & Exploitation

**Target kernels:** Linux < 6.8 (netfilter `nf_tables`)

**Novel angle:** Logic confusion in `nft_verdict_init` causes refcount double-free, exploitable via heap spray to arbitrary memory write.

## Table of Contents

1. [Background](docs/) — netfilter / nf_tables overview
2. [Root Cause Analysis](docs/) — the `nft_verdict_init` logic confusion
3. [Vulnerable Kernel Code](kernel/) — annotated source excerpts
4. [Proof of Concept](PoC/) — trigger and exploit code
5. [Exploitation Strategy](docs/) — heap spray to arbitrary write
6. [References](references.md)