Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2024-52336

7.8 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

Tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root

A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.

References

RHSA-2024:10384 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-52336 x_refsource_REDHAT vdb-entry
RHBZ#2324540 issue-tracking x_refsource_REDHAT
RHSA-2024:10384 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-52336 x_refsource_REDHAT vdb-entry
RHBZ#2324540 issue-tracking x_refsource_REDHAT
https://www.openwall.com/lists/oss-security/2024/11/28/2
https://security.opensuse.org/2024/11/26/tuned-instance-create.html
https://access.redhat.com/security/cve/CVE-2024-52336 x_refsource_REDHAT vdb-entry
RHBZ#2324540 issue-tracking x_refsource_REDHAT
https://security.opensuse.org/2024/11/26/tuned-instance-create.html
https://www.openwall.com/lists/oss-security/2024/11/28/1
RHSA-2024:10384 x_refsource_REDHAT vendor-advisory
https://www.openwall.com/lists/oss-security/2024/11/28/2
https://security.opensuse.org/2024/11/26/tuned-instance-create.html
RHSA-2024:10384 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-52336 x_refsource_REDHAT vdb-entry
RHBZ#2324540 issue-tracking x_refsource_REDHAT
https://security.opensuse.org/2024/11/26/tuned-instance-create.html
https://www.openwall.com/lists/oss-security/2024/11/28/1
https://www.openwall.com/lists/oss-security/2024/11/28/2
https://security.opensuse.org/2024/11/26/tuned-instance-create.html
RHSA-2024:10384 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-52336 x_refsource_REDHAT vdb-entry
RHBZ#2324540 issue-tracking x_refsource_REDHAT
https://security.opensuse.org/2024/11/26/tuned-instance-create.html
https://www.openwall.com/lists/oss-security/2024/11/28/1
https://www.openwall.com/lists/oss-security/2024/11/28/2
https://security.opensuse.org/2024/11/26/tuned-instance-create.html
RHSA-2024:10384 x_refsource_REDHAT vendor-advisory
RHSA-2025:0879 x_refsource_REDHAT vendor-advisory
RHSA-2025:0880 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-52336 x_refsource_REDHAT vdb-entry
RHBZ#2324540 issue-tracking x_refsource_REDHAT
https://security.opensuse.org/2024/11/26/tuned-instance-create.html
https://www.openwall.com/lists/oss-security/2024/11/28/1
https://www.openwall.com/lists/oss-security/2024/11/28/2
https://security.opensuse.org/2024/11/26/tuned-instance-create.html
https://www.openwall.com/lists/oss-security/2024/11/28/1
RHSA-2024:10384 x_refsource_REDHAT vendor-advisory
RHSA-2025:0879 x_refsource_REDHAT vendor-advisory
RHSA-2025:0880 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-52336 x_refsource_REDHAT vdb-entry
RHBZ#2324540 issue-tracking x_refsource_REDHAT
https://security.opensuse.org/2024/11/26/tuned-instance-create.html
https://www.openwall.com/lists/oss-security/2024/11/28/2
https://security.opensuse.org/2024/11/26/tuned-instance-create.html
RHSA-2024:10384 x_refsource_REDHAT vendor-advisory
RHSA-2025:0879 x_refsource_REDHAT vendor-advisory
RHSA-2025:0880 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-52336 x_refsource_REDHAT vdb-entry
RHBZ#2324540 issue-tracking x_refsource_REDHAT
https://security.opensuse.org/2024/11/26/tuned-instance-create.html
https://www.openwall.com/lists/oss-security/2024/11/28/1
https://www.openwall.com/lists/oss-security/2024/11/28/2
https://security.opensuse.org/2024/11/26/tuned-instance-create.html
RHSA-2024:10384 x_refsource_REDHAT vendor-advisory
RHSA-2025:0879 x_refsource_REDHAT vendor-advisory
RHSA-2025:0880 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-52336 x_refsource_REDHAT vdb-entry
RHBZ#2324540 issue-tracking x_refsource_REDHAT
https://security.opensuse.org/2024/11/26/tuned-instance-create.html
https://www.openwall.com/lists/oss-security/2024/11/28/1
https://www.openwall.com/lists/oss-security/2024/11/28/2
https://security.opensuse.org/2024/11/26/tuned-instance-create.html
RHSA-2024:10384 x_refsource_REDHAT vendor-advisory
RHSA-2025:0879 x_refsource_REDHAT vendor-advisory
RHSA-2025:0880 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-52336 x_refsource_REDHAT vdb-entry
RHBZ#2324540 issue-tracking x_refsource_REDHAT
https://security.opensuse.org/2024/11/26/tuned-instance-create.html
https://www.openwall.com/lists/oss-security/2024/11/28/1
https://www.openwall.com/lists/oss-security/2024/11/28/2
https://security.opensuse.org/2024/11/26/tuned-instance-create.html

Affected products

tuned

*
<2.24.1

Matching in nixpkgs

pkgs.tuned

Tuning Profile Delivery Mechanism for Linux

nixos-unstable -
- nixpkgs-unstable 2.26.0

pkgs.python312Packages.mypy-boto3-neptunedata

Type annotations for boto3 neptunedata

nixos-unstable -
- nixpkgs-unstable boto3-neptunedata-1.40.0

pkgs.python313Packages.mypy-boto3-neptunedata

Type annotations for boto3 neptunedata

nixos-unstable -
- nixpkgs-unstable boto3-neptunedata-1.40.0

Package maintainers

@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@mbalatsko Maksym Balatsko <mbalatsko@gmail.com>
@getchoo Seth Flynn <getchoo@tuta.io>