Detecting CVE-2024-1086: The decade-old Linux kernel vulnerability that’s being actively exploited in ransomware campaigns
ID: e129f242-cd60-50ed-b368-27883db81c4c
STIX ID: report--e129f242-cd60-50ed-b368-27883db81c4c
Feed Name: Sysdig Blog
This report details CVE-2024-1086, a decade-old use-after-free vulnerability in the Linux kernel's nftables component that allows privilege escalation to root. It is actively exploited (CISA-listed) in ransomware campaigns, has public PoC code, and affects many kernel versions (notably v5.14–v6.6). Prompt patching and runtime detection are required to mitigate risks such as defense evasion, lateral movement, and system-wide encryption.
