Untriaged
Permalink
CVE-2024-52337
5.5 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): HIGH
- Availability impact (A): NONE
Tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method
A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations.
References
- RHSA-2024:10381 x_refsource_REDHAT vendor-advisory
- RHSA-2024:10384 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-52337 x_refsource_REDHAT vdb-entry
- RHBZ#2324541 issue-tracking x_refsource_REDHAT
- RHSA-2024:10381 x_refsource_REDHAT vendor-advisory
- RHSA-2024:10384 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-52337 x_refsource_REDHAT vdb-entry
- RHBZ#2324541 issue-tracking x_refsource_REDHAT
- https://www.openwall.com/lists/oss-security/2024/11/28/2
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- RHSA-2024:10381 x_refsource_REDHAT vendor-advisory
- RHSA-2024:10384 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-52337 x_refsource_REDHAT vdb-entry
- RHBZ#2324541 issue-tracking x_refsource_REDHAT
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- https://www.openwall.com/lists/oss-security/2024/11/28/1
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- https://www.openwall.com/lists/oss-security/2024/11/28/2
- RHSA-2024:10381 x_refsource_REDHAT vendor-advisory
- RHSA-2024:10384 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-52337 x_refsource_REDHAT vdb-entry
- RHBZ#2324541 issue-tracking x_refsource_REDHAT
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- https://www.openwall.com/lists/oss-security/2024/11/28/1
- https://www.openwall.com/lists/oss-security/2024/11/28/2
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- RHSA-2024:10381 x_refsource_REDHAT vendor-advisory
- RHSA-2024:10384 x_refsource_REDHAT vendor-advisory
- RHSA-2024:11161 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-52337 x_refsource_REDHAT vdb-entry
- RHBZ#2324541 issue-tracking x_refsource_REDHAT
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- https://www.openwall.com/lists/oss-security/2024/11/28/1
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- https://www.openwall.com/lists/oss-security/2024/11/28/2
- RHSA-2024:10381 x_refsource_REDHAT vendor-advisory
- RHSA-2024:10384 x_refsource_REDHAT vendor-advisory
- RHSA-2024:11161 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-52337 x_refsource_REDHAT vdb-entry
- RHBZ#2324541 issue-tracking x_refsource_REDHAT
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- https://www.openwall.com/lists/oss-security/2024/11/28/1
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- https://www.openwall.com/lists/oss-security/2024/11/28/2
- RHSA-2024:10384 x_refsource_REDHAT vendor-advisory
- RHSA-2024:11161 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0195 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-52337 x_refsource_REDHAT vdb-entry
- RHBZ#2324541 issue-tracking x_refsource_REDHAT
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- https://www.openwall.com/lists/oss-security/2024/11/28/1
- RHSA-2024:10381 x_refsource_REDHAT vendor-advisory
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- https://www.openwall.com/lists/oss-security/2024/11/28/2
- RHSA-2024:10381 x_refsource_REDHAT vendor-advisory
- RHSA-2024:10384 x_refsource_REDHAT vendor-advisory
- RHSA-2024:11161 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0195 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0327 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-52337 x_refsource_REDHAT vdb-entry
- RHBZ#2324541 issue-tracking x_refsource_REDHAT
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- https://www.openwall.com/lists/oss-security/2024/11/28/1
- https://www.openwall.com/lists/oss-security/2024/11/28/2
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- RHBZ#2324541 issue-tracking x_refsource_REDHAT
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- https://www.openwall.com/lists/oss-security/2024/11/28/1
- RHSA-2024:10381 x_refsource_REDHAT vendor-advisory
- RHSA-2024:10384 x_refsource_REDHAT vendor-advisory
- RHSA-2024:11161 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0195 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0327 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0368 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-52337 x_refsource_REDHAT vdb-entry
- https://www.openwall.com/lists/oss-security/2024/11/28/2
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- RHSA-2024:10381 x_refsource_REDHAT vendor-advisory
- RHSA-2024:10384 x_refsource_REDHAT vendor-advisory
- RHSA-2024:11161 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0195 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0327 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0368 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0879 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0880 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0881 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-52337 x_refsource_REDHAT vdb-entry
- RHBZ#2324541 issue-tracking x_refsource_REDHAT
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- https://www.openwall.com/lists/oss-security/2024/11/28/1
- https://www.openwall.com/lists/oss-security/2024/11/28/2
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- https://www.openwall.com/lists/oss-security/2024/11/28/1
- RHSA-2024:10381 x_refsource_REDHAT vendor-advisory
- RHSA-2024:10384 x_refsource_REDHAT vendor-advisory
- RHSA-2024:11161 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0195 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0327 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0368 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0879 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0880 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0881 x_refsource_REDHAT vendor-advisory
- RHSA-2025:1785 x_refsource_REDHAT vendor-advisory
- RHSA-2025:1802 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-52337 x_refsource_REDHAT vdb-entry
- RHBZ#2324541 issue-tracking x_refsource_REDHAT
- https://www.openwall.com/lists/oss-security/2024/11/28/2
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- RHSA-2025:0879 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0880 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0881 x_refsource_REDHAT vendor-advisory
- RHSA-2025:1785 x_refsource_REDHAT vendor-advisory
- RHSA-2025:1802 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-52337 x_refsource_REDHAT vdb-entry
- RHBZ#2324541 issue-tracking x_refsource_REDHAT
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- https://www.openwall.com/lists/oss-security/2024/11/28/1
- RHSA-2024:10381 x_refsource_REDHAT vendor-advisory
- RHSA-2024:10384 x_refsource_REDHAT vendor-advisory
- RHSA-2024:11161 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0195 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0327 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0368 x_refsource_REDHAT vendor-advisory
- https://www.openwall.com/lists/oss-security/2024/11/28/2
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- https://www.openwall.com/lists/oss-security/2024/11/28/1
- RHSA-2024:10381 x_refsource_REDHAT vendor-advisory
- RHSA-2024:10384 x_refsource_REDHAT vendor-advisory
- RHSA-2024:11161 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0195 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0327 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0368 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0879 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0880 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0881 x_refsource_REDHAT vendor-advisory
- RHSA-2025:1785 x_refsource_REDHAT vendor-advisory
- RHSA-2025:1802 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-52337 x_refsource_REDHAT vdb-entry
- RHBZ#2324541 issue-tracking x_refsource_REDHAT
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- https://www.openwall.com/lists/oss-security/2024/11/28/2
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- RHSA-2024:10381 x_refsource_REDHAT vendor-advisory
- RHSA-2024:10384 x_refsource_REDHAT vendor-advisory
- RHSA-2024:11161 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0195 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0327 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0368 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0879 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0880 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0881 x_refsource_REDHAT vendor-advisory
- RHSA-2025:1785 x_refsource_REDHAT vendor-advisory
- RHSA-2025:1802 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-52337 x_refsource_REDHAT vdb-entry
- RHBZ#2324541 issue-tracking x_refsource_REDHAT
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- https://www.openwall.com/lists/oss-security/2024/11/28/1
- https://www.openwall.com/lists/oss-security/2024/11/28/2
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- RHSA-2024:10381 x_refsource_REDHAT vendor-advisory
- RHSA-2024:10384 x_refsource_REDHAT vendor-advisory
- RHSA-2024:11161 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0195 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0327 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0368 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0879 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0880 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0881 x_refsource_REDHAT vendor-advisory
- RHSA-2025:1785 x_refsource_REDHAT vendor-advisory
- RHSA-2025:1802 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-52337 x_refsource_REDHAT vdb-entry
- RHBZ#2324541 issue-tracking x_refsource_REDHAT
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- https://www.openwall.com/lists/oss-security/2024/11/28/1
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- https://www.openwall.com/lists/oss-security/2024/11/28/2
- RHSA-2024:10381 x_refsource_REDHAT vendor-advisory
- RHSA-2024:10384 x_refsource_REDHAT vendor-advisory
- RHSA-2024:11161 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0195 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0327 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0368 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0879 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0880 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0881 x_refsource_REDHAT vendor-advisory
- RHSA-2025:1785 x_refsource_REDHAT vendor-advisory
- RHSA-2025:1802 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-52337 x_refsource_REDHAT vdb-entry
- RHBZ#2324541 issue-tracking x_refsource_REDHAT
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- https://www.openwall.com/lists/oss-security/2024/11/28/1
- https://www.openwall.com/lists/oss-security/2024/11/28/2
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- RHSA-2024:10381 x_refsource_REDHAT vendor-advisory
- RHSA-2024:10384 x_refsource_REDHAT vendor-advisory
- RHSA-2024:11161 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0195 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0327 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0368 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0879 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0880 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0881 x_refsource_REDHAT vendor-advisory
- RHSA-2025:1785 x_refsource_REDHAT vendor-advisory
- RHSA-2025:1802 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-52337 x_refsource_REDHAT vdb-entry
- RHBZ#2324541 issue-tracking x_refsource_REDHAT
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- https://www.openwall.com/lists/oss-security/2024/11/28/1
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- https://www.openwall.com/lists/oss-security/2024/11/28/2
- RHSA-2024:10381 x_refsource_REDHAT vendor-advisory
- RHSA-2024:10384 x_refsource_REDHAT vendor-advisory
- RHSA-2024:11161 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0195 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0327 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0368 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0879 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0880 x_refsource_REDHAT vendor-advisory
- RHSA-2025:0881 x_refsource_REDHAT vendor-advisory
- RHSA-2025:1785 x_refsource_REDHAT vendor-advisory
- RHSA-2025:1802 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-52337 x_refsource_REDHAT vdb-entry
- RHBZ#2324541 issue-tracking x_refsource_REDHAT
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
- https://www.openwall.com/lists/oss-security/2024/11/28/1
- https://www.openwall.com/lists/oss-security/2024/11/28/2
- https://security.opensuse.org/2024/11/26/tuned-instance-create.html
Affected products
tuned
- *
- <2.24.1
Matching in nixpkgs
pkgs.python312Packages.mypy-boto3-neptunedata
Type annotations for boto3 neptunedata
-
nixos-unstable -
- nixpkgs-unstable boto3-neptunedata-1.40.0
pkgs.python313Packages.mypy-boto3-neptunedata
Type annotations for boto3 neptunedata
-
nixos-unstable -
- nixpkgs-unstable boto3-neptunedata-1.40.0
Package maintainers
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
-
@mbalatsko Maksym Balatsko <mbalatsko@gmail.com>
-
@getchoo Seth Flynn <getchoo@tuta.io>