Lucene search
Ubuntu.comUB:CVE-2024-38394HistoryJun 16, 2024 - 12:00 a.m.
CVE-2024-38394
2024-06-1600:00:00
ubuntu.com
ubuntu.com
1
cve-2024-38394
gnome settings daemon
linux kernel
usb authorization policy
unauthorized access
device matching logic
physical proximity
mitigation
feature
Mismatches in interpreting USB authorization policy between GNOME Settings
Daemon (GSD) through 46.0 and the Linux kernel’s underlying device matching
logic allow a physically proximate attacker to access some unintended Linux
kernel USB functionality, such as USB device-specific kernel modules and
filesystem implementations. NOTE: the GSD supplier indicates that
consideration of a mitigation for this within GSD would be in the context
of “a new feature, not a CVE.”
Bugs
Notes
| Author | Note |
|---|---|
| mdeslaur | as of 2024-06-17, there is no fix from gnome-settings-daemon as they don’t believe that is the proper place to address this issue. Deferring this CVE for now. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | gnome-settings-daemon | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | gnome-settings-daemon | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | gnome-settings-daemon | < any | UNKNOWN |
| ubuntu | 23.10 | noarch | gnome-settings-daemon | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | gnome-settings-daemon | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | gnome-settings-daemon | < any | UNKNOWN |
Related
vulnrichment
vulnrichment
CVE-2024-38394
2024-06-15 00:00:00
redhatcve
redhatcve
CVE-2024-38394
2024-06-18 05:07:19
cve
cve
CVE-2024-38394
2024-06-16 00:15:49
debiancve
debiancve
CVE-2024-38394
2024-06-16 00:15:49
cvelist
cvelist
CVE-2024-38394
2024-06-15 00:00:00
nessus
nessus
nvd
nvd
CVE-2024-38394
2024-06-16 00:15:49
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:2170-1)
2024-06-25 00:00:00