Lucene search

K

GoogleOSV:CVE-2024-23301

HistoryJan 12, 2024 - 11:15 p.m.

CVE-2024-23301

2024-01-1223:15:10

Google

osv.dev

4

cve-2024-23301

relax-and-recover

world-readable

initrd

grub_rescue=y

local attackers

system secrets

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.

CPENameOperatorVersion
reareqrear-1.19
reareq1.13.0
reareq1.17.0
reareqrear-1.18
reareq2.4
reareq2.5
reareqrear-2.5
reareq2.7
reareq2.2
reareqrear-2.6

Rows per page:

1-10 of 361

References

github.com/rear/rear/issues/3122

github.com/rear/rear/pull/3123

lists.debian.org/debian-lts-announce/2024/02/msg00003.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JIN57LUPBI2GDJOK3PYXNHJTZT3AQTZ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHKMPXJNXEJJE6EVYE5HM7EKEJFQMBN7/

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

Related for OSV:CVE-2024-23301

nessus20 almalinux2 nvd1 cve1 osv4 oraclelinux2 openvas5 redos1 redhatcve1 cvelist1 fedora2 debian1 debiancve1 redhat2 mageia1 amazon1 rocky1 prion1 ubuntucve1