Vulnerabilites related to Red Hat - Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
cve-2025-26600
Vulnerability from cvelistv5
Published
2025-02-25 15:55
Modified
2025-03-27 04:21
Severity ?
EPSS score ?
Summary
A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 ≤ Version: 22.0.0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-26600", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-25T16:16:54.221297Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-25T16:17:05.872Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://gitlab.freedesktop.org/xorg/xserver/", defaultStatus: "unaffected", packageName: "xserver", versions: [ { lessThan: "21.1.16", status: "affected", version: "0", versionType: "semver", }, { lessThan: "24.1.6", status: "affected", version: "22.0.0", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_els:7", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 7 Extended Lifecycle Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.8.0-36.el7_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_els:7", ], defaultStatus: "affected", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 7 Extended Lifecycle Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.20.4-30.el7_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.13.1-15.el8_10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.2::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.9.0-15.el8_2.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-8.el8_4.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-8.el8_4.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-8.el8_4.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-6.el8_6.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-6.el8_6.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-6.el8_6.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-15.el8_8.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.14.1-1.el9_5.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:9.0::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-22.el9_0.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-14.el9_2.10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9.4 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.13.1-8.el9_4.5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unknown", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "xorg-x11-server-Xwayland", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "xorg-x11-server-Xwayland", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, ], datePublic: "2025-02-25T00:00:00.000Z", descriptions: [ { lang: "en", value: "A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-27T04:21:52.306Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2025:2500", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2500", }, { name: "RHSA-2025:2502", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2502", }, { name: "RHSA-2025:2861", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2861", }, { name: "RHSA-2025:2862", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2862", }, { name: "RHSA-2025:2865", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2865", }, { name: "RHSA-2025:2866", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2866", }, { name: "RHSA-2025:2873", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2873", }, { name: "RHSA-2025:2874", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2874", }, { name: "RHSA-2025:2875", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2875", }, { name: "RHSA-2025:2879", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2879", }, { name: "RHSA-2025:2880", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2880", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2025-26600", }, { name: "RHBZ#2345252", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2345252", }, ], timeline: [ { lang: "en", time: "2025-02-12T14:15:01.957000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2025-02-25T00:00:00+00:00", value: "Made public.", }, ], title: "Xorg: xwayland: use-after-free in playreleasedevents()", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-416: Use After Free", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2025-26600", datePublished: "2025-02-25T15:55:20.421Z", dateReserved: "2025-02-12T14:12:22.796Z", dateUpdated: "2025-03-27T04:21:52.306Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-1244
Vulnerability from cvelistv5
Published
2025-02-12 14:27
Modified
2025-03-15 08:50
Severity ?
EPSS score ?
Summary
A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-1244", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-12T14:50:47.050392Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-12T15:21:21.499Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2025-03-01T21:02:26.923Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=66390", }, { url: "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-30.1", }, { url: "http://www.openwall.com/lists/oss-security/2025/03/01/2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://git.savannah.gnu.org/cgit/emacs.git/", defaultStatus: "unaffected", packageName: "emacs", versions: [ { lessThan: "29.4.0", status: "affected", version: "0", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_els:7", ], defaultStatus: "affected", packageName: "emacs", product: "Red Hat Enterprise Linux 7 Extended Lifecycle Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:24.3-23.el7_9.2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/o:redhat:enterprise_linux:8::baseos", ], defaultStatus: "affected", packageName: "emacs", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:26.1-13.el8_10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/o:redhat:enterprise_linux:8::baseos", ], defaultStatus: "affected", packageName: "emacs", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:26.1-13.el8_10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/a:redhat:rhel_aus:8.2::appstream", ], defaultStatus: "affected", packageName: "emacs", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:26.1-5.el8_2.3", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "emacs", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:26.1-5.el8_4.3", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "emacs", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:26.1-5.el8_4.3", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "emacs", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:26.1-5.el8_4.3", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/o:redhat:rhel_tus:8.6::baseos", ], defaultStatus: "affected", packageName: "emacs", product: "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:26.1-7.el8_6.6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/o:redhat:rhel_tus:8.6::baseos", ], defaultStatus: "affected", packageName: "emacs", product: "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:26.1-7.el8_6.6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/o:redhat:rhel_tus:8.6::baseos", ], defaultStatus: "affected", packageName: "emacs", product: "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:26.1-7.el8_6.6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::appstream", "cpe:/o:redhat:rhel_eus:8.8::baseos", ], defaultStatus: "affected", packageName: "emacs", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:26.1-10.el8_8.7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "emacs", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:27.2-11.el9_5.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:9.0::appstream", ], defaultStatus: "affected", packageName: "emacs", product: "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:27.2-6.el9_0.2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "emacs", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:27.2-8.el9_2.2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.4::appstream", ], defaultStatus: "affected", packageName: "emacs", product: "Red Hat Enterprise Linux 9.4 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:27.2-10.el9_4.1", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift_builds:1.3::el9", ], defaultStatus: "affected", packageName: "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9", product: "Builds for Red Hat OpenShift 1.3.1", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "sha256:8bb5f5d121a135ddd3c3038167b2bed668efe4f2d2c69a6e7e1bb5671c9e3043", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unknown", packageName: "emacs", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "Red Hat would like to thank Vasilij Schneidermann (CODE WHITE) for reporting this issue.", }, ], datePublic: "2025-02-12T00:00:00.000Z", descriptions: [ { lang: "en", value: "A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-15T08:50:32.937Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2025:1915", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1915", }, { name: "RHSA-2025:1917", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1917", }, { name: "RHSA-2025:1961", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1961", }, { name: "RHSA-2025:1962", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1962", }, { name: "RHSA-2025:1963", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1963", }, { name: "RHSA-2025:1964", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1964", }, { name: "RHSA-2025:2022", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2022", }, { name: "RHSA-2025:2130", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2130", }, { name: "RHSA-2025:2157", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2157", }, { name: "RHSA-2025:2195", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2195", }, { name: "RHSA-2025:2754", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2754", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2025-1244", }, { name: "RHBZ#2345150", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2345150", }, ], timeline: [ { lang: "en", time: "2025-02-12T07:05:48.841000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2025-02-12T00:00:00+00:00", value: "Made public.", }, ], title: "Emacs: shell injection vulnerability in gnu emacs via custom \"man\" uri scheme", workarounds: [ { lang: "en", value: "There is no an existing or known mitigation for this issue without disabling part of the Emacs core functionality. However, by avoiding opening or view untrusted files, websites, HTTP URLs or other URI resources with Emacs would reduce or prevent the risk of performing this attack successfully.", }, ], x_redhatCweChain: "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2025-1244", datePublished: "2025-02-12T14:27:45.707Z", dateReserved: "2025-02-12T07:32:23.452Z", dateUpdated: "2025-03-15T08:50:32.937Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-5564
Vulnerability from cvelistv5
Published
2024-05-31 18:31
Modified
2024-12-31 03:09
Severity ?
EPSS score ?
Summary
A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:4618 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4619 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4620 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4622 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4636 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4640 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4641 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4642 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4643 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-5564 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2284122 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 1.0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-5564", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-31T20:17:36.331326Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:02:43.761Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:18:06.467Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2024:4618", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4618", }, { name: "RHSA-2024:4619", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4619", }, { name: "RHSA-2024:4620", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4620", }, { name: "RHSA-2024:4622", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4622", }, { name: "RHSA-2024:4636", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4636", }, { name: "RHSA-2024:4640", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4640", }, { name: "RHSA-2024:4641", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4641", }, { name: "RHSA-2024:4642", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4642", }, { name: "RHSA-2024:4643", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4643", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2024-5564", }, { name: "RHBZ#2284122", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2284122", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/06/msg00011.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://github.com/jpirko/libndp", defaultStatus: "unaffected", packageName: "libndp", versions: [ { lessThan: "1.7-7", status: "affected", version: "1.0", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_els:7", ], defaultStatus: "affected", packageName: "libndp", product: "Red Hat Enterprise Linux 7 Extended Lifecycle Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.2-10.el7_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8::baseos", ], defaultStatus: "affected", packageName: "libndp", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.7-7.el8_10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:8.2::baseos", ], defaultStatus: "affected", packageName: "libndp", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.7-4.el8_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", ], defaultStatus: "affected", packageName: "libndp", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.7-6.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", ], defaultStatus: "affected", packageName: "libndp", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.7-6.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", ], defaultStatus: "affected", packageName: "libndp", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.7-6.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/o:redhat:rhel_aus:8.6::baseos", ], defaultStatus: "affected", packageName: "libndp", product: "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.7-7.el8_6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/o:redhat:rhel_aus:8.6::baseos", ], defaultStatus: "affected", packageName: "libndp", product: "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.7-7.el8_6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/o:redhat:rhel_aus:8.6::baseos", ], defaultStatus: "affected", packageName: "libndp", product: "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.7-7.el8_6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:8.8::baseos", ], defaultStatus: "affected", packageName: "libndp", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.7-7.el8_8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9::baseos", ], defaultStatus: "affected", packageName: "libndp", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.8-6.el9_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_e4s:9.0::baseos", ], defaultStatus: "affected", packageName: "libndp", product: "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.8-5.el9_0", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:9.2::baseos", ], defaultStatus: "affected", packageName: "libndp", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.8-5.el9_2", versionType: "rpm", }, ], }, ], credits: [ { lang: "en", value: "Upstream acknowledges Evgeny Vereshchagin as the original reporter.", }, ], datePublic: "2024-05-31T00:00:00+00:00", descriptions: [ { lang: "en", value: "A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T03:09:13.581Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:4618", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4618", }, { name: "RHSA-2024:4619", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4619", }, { name: "RHSA-2024:4620", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4620", }, { name: "RHSA-2024:4622", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4622", }, { name: "RHSA-2024:4636", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4636", }, { name: "RHSA-2024:4640", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4640", }, { name: "RHSA-2024:4641", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4641", }, { name: "RHSA-2024:4642", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4642", }, { name: "RHSA-2024:4643", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4643", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-5564", }, { name: "RHBZ#2284122", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2284122", }, ], timeline: [ { lang: "en", time: "2024-05-31T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-05-31T00:00:00+00:00", value: "Made public.", }, ], title: "Libndp: buffer overflow in route information length field", workarounds: [ { lang: "en", value: "Currently there is no mitigation available for this vulnerability. Please make sure to update as the fixes become available.", }, ], x_redhatCweChain: "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-5564", datePublished: "2024-05-31T18:31:47.333Z", dateReserved: "2024-05-31T13:34:41.061Z", dateUpdated: "2024-12-31T03:09:13.581Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-9675
Vulnerability from cvelistv5
Published
2024-10-09 14:32
Modified
2025-03-20 10:58
Severity ?
EPSS score ?
Summary
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-9675", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-09T16:16:25.550764Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-09T16:24:34.705Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://github.com/containers/buildah", defaultStatus: "unaffected", packageName: "buildah", versions: [ { lessThan: "1.38.0", status: "affected", version: "0", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "container-tools:rhel8", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8100020241023085649.afee755d", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream", ], defaultStatus: "affected", packageName: "container-tools:rhel8", product: "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020241028154646.3b538bd8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream", ], defaultStatus: "affected", packageName: "container-tools:rhel8", product: "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020241028154646.3b538bd8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream", ], defaultStatus: "affected", packageName: "container-tools:rhel8", product: "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020241028154646.3b538bd8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "container-tools:rhel8", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8080020241025064551.0f77c1b7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "buildah", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:1.33.10-1.el9_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4:4.9.4-16.el9_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4:5.2.2-9.el9_5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "buildah", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:1.37.5-1.el9_5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.0::appstream", ], defaultStatus: "affected", packageName: "buildah", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:1.26.8-2.el9_0", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.0::appstream", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:4.2.0-5.el9_0.2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "buildah", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:1.29.4-1.el9_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:4.4.1-21.el9_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4.13", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3:4.4.1-15.rhaos4.13.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-docker-builder", product: "Red Hat OpenShift Container Platform 4.13", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.13.0-202503111300.p0.gb379980.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3:4.4.1-21.rhaos4.14.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-docker-builder", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.14.0-202503060906.p0.gb03f3f5.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3:4.4.1-32.rhaos4.15.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el9", "cpe:/a:redhat:openshift:4.15::el8", ], defaultStatus: "affected", packageName: "openshift4/ose-docker-builder", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.15.0-202503060734.p0.gbc0b789.assembly.stream.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.16::el8", "cpe:/a:redhat:openshift:4.16::el9", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4.16", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4:4.9.4-14.rhaos4.16.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.17::el9", "cpe:/a:redhat:openshift:4.17::el8", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4.17", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "5:5.2.2-1.rhaos4.17.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.17::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-docker-builder-rhel9", product: "Red Hat OpenShift Container Platform 4.17", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.17.0-202503041005.p0.gc3b0999.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.18::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-docker-builder-rhel9", product: "Red Hat OpenShift Container Platform 4.18", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.18.0-202503040802.p0.g6a5ec2a.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ocp_tools", ], defaultStatus: "affected", packageName: "ocp-tools-4/jenkins-agent-base-rhel8", product: "OpenShift Developer Tools and Services", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ocp_tools", ], defaultStatus: "affected", packageName: "ocp-tools-4/jenkins-rhel8", product: "OpenShift Developer Tools and Services", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unknown", packageName: "skopeo", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "unaffected", packageName: "conmon", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unaffected", packageName: "buildah", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "conmon", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "unaffected", packageName: "cri-o", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:quay:3", ], defaultStatus: "affected", packageName: "quay/quay-builder-rhel8", product: "Red Hat Quay 3", vendor: "Red Hat", }, ], datePublic: "2024-10-09T00:00:00.000Z", descriptions: [ { lang: "en", value: "A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-20T10:58:31.644Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:8563", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8563", }, { name: "RHSA-2024:8675", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8675", }, { name: "RHSA-2024:8679", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8679", }, { name: "RHSA-2024:8686", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8686", }, { name: "RHSA-2024:8690", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8690", }, { name: "RHSA-2024:8700", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8700", }, { name: "RHSA-2024:8703", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8703", }, { name: "RHSA-2024:8707", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8707", }, { name: "RHSA-2024:8708", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8708", }, { name: "RHSA-2024:8709", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8709", }, { name: "RHSA-2024:8846", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8846", }, { name: "RHSA-2024:8984", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8984", }, { name: "RHSA-2024:8994", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8994", }, { name: "RHSA-2024:9051", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9051", }, { name: "RHSA-2024:9454", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9454", }, { name: "RHSA-2024:9459", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9459", }, { name: "RHSA-2025:2445", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2445", }, { name: "RHSA-2025:2449", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2449", }, { name: "RHSA-2025:2454", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2454", }, { name: "RHSA-2025:2701", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2701", }, { name: "RHSA-2025:2710", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2710", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-9675", }, { name: "RHBZ#2317458", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2317458", }, ], timeline: [ { lang: "en", time: "2024-10-09T02:45:06.343000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-10-09T00:00:00+00:00", value: "Made public.", }, ], title: "Buildah: buildah allows arbitrary directory mount", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-9675", datePublished: "2024-10-09T14:32:11.922Z", dateReserved: "2024-10-09T02:47:50.357Z", dateUpdated: "2025-03-20T10:58:31.644Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-26597
Vulnerability from cvelistv5
Published
2025-02-25 15:54
Modified
2025-03-27 04:20
Severity ?
EPSS score ?
Summary
A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 ≤ Version: 22.0.0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-26597", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-25T16:39:35.677718Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-25T19:14:54.385Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://gitlab.freedesktop.org/xorg/xserver/", defaultStatus: "unaffected", packageName: "xserver", versions: [ { lessThan: "21.1.16", status: "affected", version: "0", versionType: "semver", }, { lessThan: "24.1.6", status: "affected", version: "22.0.0", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_els:7", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 7 Extended Lifecycle Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.8.0-36.el7_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_els:7", ], defaultStatus: "affected", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 7 Extended Lifecycle Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.20.4-30.el7_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.13.1-15.el8_10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.2::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.9.0-15.el8_2.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-8.el8_4.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-8.el8_4.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-8.el8_4.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-6.el8_6.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-6.el8_6.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-6.el8_6.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-15.el8_8.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.14.1-1.el9_5.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:9.0::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-22.el9_0.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-14.el9_2.10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9.4 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.13.1-8.el9_4.5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unknown", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "xorg-x11-server-Xwayland", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "xorg-x11-server-Xwayland", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, ], datePublic: "2025-02-25T00:00:00.000Z", descriptions: [ { lang: "en", value: "A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-27T04:20:29.448Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2025:2500", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2500", }, { name: "RHSA-2025:2502", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2502", }, { name: "RHSA-2025:2861", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2861", }, { name: "RHSA-2025:2862", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2862", }, { name: "RHSA-2025:2865", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2865", }, { name: "RHSA-2025:2866", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2866", }, { name: "RHSA-2025:2873", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2873", }, { name: "RHSA-2025:2874", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2874", }, { name: "RHSA-2025:2875", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2875", }, { name: "RHSA-2025:2879", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2879", }, { name: "RHSA-2025:2880", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2880", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2025-26597", }, { name: "RHBZ#2345255", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2345255", }, ], timeline: [ { lang: "en", time: "2025-02-12T14:15:01.517000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2025-02-25T00:00:00+00:00", value: "Made public.", }, ], title: "Xorg: xwayland: buffer overflow in xkbchangetypesofkey()", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2025-26597", datePublished: "2025-02-25T15:54:48.196Z", dateReserved: "2025-02-12T14:12:22.795Z", dateUpdated: "2025-03-27T04:20:29.448Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-26596
Vulnerability from cvelistv5
Published
2025-02-25 15:54
Modified
2025-03-27 04:20
Severity ?
EPSS score ?
Summary
A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 ≤ Version: 22.0.0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-26596", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-25T17:14:01.432188Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-25T17:22:27.580Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://gitlab.freedesktop.org/xorg/xserver/", defaultStatus: "unaffected", packageName: "xserver", versions: [ { lessThan: "21.1.16", status: "affected", version: "0", versionType: "semver", }, { lessThan: "24.1.6", status: "affected", version: "22.0.0", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_els:7", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 7 Extended Lifecycle Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.8.0-36.el7_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_els:7", ], defaultStatus: "affected", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 7 Extended Lifecycle Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.20.4-30.el7_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.13.1-15.el8_10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.2::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.9.0-15.el8_2.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-8.el8_4.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-8.el8_4.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-8.el8_4.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-6.el8_6.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-6.el8_6.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-6.el8_6.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-15.el8_8.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.14.1-1.el9_5.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:9.0::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-22.el9_0.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-14.el9_2.10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9.4 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.13.1-8.el9_4.5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unknown", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "xorg-x11-server-Xwayland", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "xorg-x11-server-Xwayland", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, ], datePublic: "2025-02-25T00:00:00.000Z", descriptions: [ { lang: "en", value: "A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-27T04:20:12.127Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2025:2500", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2500", }, { name: "RHSA-2025:2502", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2502", }, { name: "RHSA-2025:2861", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2861", }, { name: "RHSA-2025:2862", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2862", }, { name: "RHSA-2025:2865", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2865", }, { name: "RHSA-2025:2866", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2866", }, { name: "RHSA-2025:2873", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2873", }, { name: "RHSA-2025:2874", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2874", }, { name: "RHSA-2025:2875", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2875", }, { name: "RHSA-2025:2879", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2879", }, { name: "RHSA-2025:2880", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2880", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2025-26596", }, { name: "RHBZ#2345256", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2345256", }, ], timeline: [ { lang: "en", time: "2025-02-12T14:15:01.367000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2025-02-25T00:00:00+00:00", value: "Made public.", }, ], title: "Xorg: xwayland: heap overflow in xkbwritekeysyms()", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-787: Out-of-bounds Write", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2025-26596", datePublished: "2025-02-25T15:54:23.693Z", dateReserved: "2025-02-12T14:12:22.795Z", dateUpdated: "2025-03-27T04:20:12.127Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-11218
Vulnerability from cvelistv5
Published
2025-01-22 04:55
Modified
2025-03-20 07:16
Severity ?
EPSS score ?
Summary
A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 ≤ Version: 1.35.0 ≤ Version: 1.37.0 ≤ Version: 1.38.0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-11218", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-22T14:11:18.056703Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-12T17:08:25.061Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://github.com/containers/buildah", defaultStatus: "unaffected", packageName: "buildah", versions: [ { lessThan: "1.33.12", status: "affected", version: "0", versionType: "semver", }, { lessThan: "1.35.5", status: "affected", version: "1.35.0", versionType: "semver", }, { lessThan: "1.37.6", status: "affected", version: "1.37.0", versionType: "semver", }, { lessThan: "1.38.1", status: "affected", version: "1.38.0", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "container-tools:rhel8", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8100020250124120243.afee755d", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", ], defaultStatus: "affected", packageName: "container-tools:rhel8", product: "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020250203202123.3b538bd8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", ], defaultStatus: "affected", packageName: "container-tools:rhel8", product: "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020250203202123.3b538bd8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", ], defaultStatus: "affected", packageName: "container-tools:rhel8", product: "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020250203202123.3b538bd8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "container-tools:rhel8", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8080020250207173112.0f77c1b7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4:5.2.2-13.el9_5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "buildah", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:1.37.6-1.el9_5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:9.0::appstream", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:4.2.0-6.el9_0", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:9.0::appstream", ], defaultStatus: "affected", packageName: "buildah", product: "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:1.26.9-1.el9_0", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "buildah", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:1.29.5-1.el9_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:4.4.1-22.el9_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.4::appstream", ], defaultStatus: "affected", packageName: "buildah", product: "Red Hat Enterprise Linux 9.4 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:1.33.12-2.el9_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.4::appstream", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat Enterprise Linux 9.4 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4:4.9.4-17.el9_4", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9", ], defaultStatus: "affected", packageName: "rhcos", product: "Red Hat OpenShift Container Platform 4.12", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "412.86.202503052321-0", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.12::el8", "cpe:/a:redhat:openshift:4.12::el9", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4.12", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3:4.2.0-13.rhaos4.12.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8", ], defaultStatus: "affected", packageName: "buildah", product: "Red Hat OpenShift Container Platform 4.13", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:1.29.5-1.rhaos4.13.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4.13", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3:4.4.1-16.rhaos4.13.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8", ], defaultStatus: "affected", packageName: "rhcos", product: "Red Hat OpenShift Container Platform 4.13", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "413.92.202503112237-0", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3:4.4.1-22.rhaos4.14.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "buildah", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:1.29.5-1.rhaos4.14.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "rhcos", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "414.92.202503100617-0", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "3:4.4.1-33.rhaos4.15.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "buildah", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:1.29.5-1.rhaos4.15.el8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "rhcos", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "415.92.202503060749-0", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.16::el9", "cpe:/a:redhat:openshift_ironic:4.16::el9", "cpe:/a:redhat:openshift:4.16::el8", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4.16", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "4:4.9.4-15.rhaos4.16.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.16::el9", "cpe:/a:redhat:openshift:4.16::el8", ], defaultStatus: "affected", packageName: "buildah", product: "Red Hat OpenShift Container Platform 4.16", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:1.33.12-1.rhaos4.16.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.16::el9", ], defaultStatus: "affected", packageName: "rhcos", product: "Red Hat OpenShift Container Platform 4.16", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "416.94.202502180249-0", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.17::el8", "cpe:/a:redhat:openshift:4.17::el9", ], defaultStatus: "affected", packageName: "podman", product: "Red Hat OpenShift Container Platform 4.17", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "5:5.2.2-2.rhaos4.17.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.17::el8", "cpe:/a:redhat:openshift:4.17::el9", ], defaultStatus: "affected", packageName: "buildah", product: "Red Hat OpenShift Container Platform 4.17", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:1.33.12-1.rhaos4.17.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4.18::el8", "cpe:/a:redhat:openshift:4.18::el9", ], defaultStatus: "affected", packageName: "buildah", product: "Red Hat OpenShift Container Platform 4.18", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:1.33.12-1.rhaos4.18.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "rhcos", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, ], datePublic: "2025-01-20T00:00:00.000Z", descriptions: [ { lang: "en", value: "A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-20T07:16:39.420Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2025:0830", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0830", }, { name: "RHSA-2025:0878", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0878", }, { name: "RHSA-2025:0922", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0922", }, { name: "RHSA-2025:0923", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0923", }, { name: "RHSA-2025:1186", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1186", }, { name: "RHSA-2025:1187", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1187", }, { name: "RHSA-2025:1188", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1188", }, { name: "RHSA-2025:1189", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1189", }, { name: "RHSA-2025:1207", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1207", }, { name: "RHSA-2025:1275", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1275", }, { name: "RHSA-2025:1295", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1295", }, { name: "RHSA-2025:1296", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1296", }, { name: "RHSA-2025:1372", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1372", }, { name: "RHSA-2025:1453", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1453", }, { name: "RHSA-2025:1707", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1707", }, { name: "RHSA-2025:1713", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1713", }, { name: "RHSA-2025:1908", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1908", }, { name: "RHSA-2025:1910", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1910", }, { name: "RHSA-2025:1914", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1914", }, { name: "RHSA-2025:2441", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2441", }, { name: "RHSA-2025:2443", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2443", }, { name: "RHSA-2025:2454", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2454", }, { name: "RHSA-2025:2456", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2456", }, { name: "RHSA-2025:2701", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2701", }, { name: "RHSA-2025:2703", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2703", }, { name: "RHSA-2025:2710", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2710", }, { name: "RHSA-2025:2712", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2712", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-11218", }, { name: "RHBZ#2326231", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2326231", }, ], timeline: [ { lang: "en", time: "2024-11-14T13:05:29.849000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2025-01-20T00:00:00+00:00", value: "Made public.", }, ], title: "Podman: buildah: container breakout by using --jobs=2 and a race condition when building a malicious containerfile", workarounds: [ { lang: "en", value: "Mandatory access controls should limit the access of the process performing the build, on systems where they are enabled.\n\nSELinux enforces strict access controls by confining the build process (e.g., Podman) to specific domains like container_t. This prevents unauthorized access to sensitive host files and directories, even if a malicious Containerfile tries to exploit the --mount flag.", }, ], x_redhatCweChain: "CWE-269: Improper Privilege Management", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-11218", datePublished: "2025-01-22T04:55:30.649Z", dateReserved: "2024-11-14T13:11:49.476Z", dateUpdated: "2025-03-20T07:16:39.420Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-26601
Vulnerability from cvelistv5
Published
2025-02-25 15:55
Modified
2025-03-27 04:22
Severity ?
EPSS score ?
Summary
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 ≤ Version: 22.0.0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-26601", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-25T16:08:41.554166Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-25T16:08:49.344Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://gitlab.freedesktop.org/xorg/xserver/", defaultStatus: "unaffected", packageName: "xserver", versions: [ { lessThan: "21.1.16", status: "affected", version: "0", versionType: "semver", }, { lessThan: "24.1.6", status: "affected", version: "22.0.0", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_els:7", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 7 Extended Lifecycle Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.8.0-36.el7_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_els:7", ], defaultStatus: "affected", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 7 Extended Lifecycle Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.20.4-30.el7_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.13.1-15.el8_10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.2::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.9.0-15.el8_2.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-8.el8_4.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-8.el8_4.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-8.el8_4.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-6.el8_6.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-6.el8_6.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-6.el8_6.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-15.el8_8.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.14.1-1.el9_5.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:9.0::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-22.el9_0.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-14.el9_2.10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9.4 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.13.1-8.el9_4.5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unknown", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "xorg-x11-server-Xwayland", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "xorg-x11-server-Xwayland", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, ], datePublic: "2025-02-25T00:00:00.000Z", descriptions: [ { lang: "en", value: "A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-27T04:22:08.108Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2025:2500", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2500", }, { name: "RHSA-2025:2502", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2502", }, { name: "RHSA-2025:2861", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2861", }, { name: "RHSA-2025:2862", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2862", }, { name: "RHSA-2025:2865", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2865", }, { name: "RHSA-2025:2866", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2866", }, { name: "RHSA-2025:2873", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2873", }, { name: "RHSA-2025:2874", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2874", }, { name: "RHSA-2025:2875", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2875", }, { name: "RHSA-2025:2879", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2879", }, { name: "RHSA-2025:2880", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2880", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2025-26601", }, { name: "RHBZ#2345251", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2345251", }, ], timeline: [ { lang: "en", time: "2025-02-12T14:18:30.820000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2025-02-25T00:00:00+00:00", value: "Made public.", }, ], title: "Xorg: xwayland: use-after-free in syncinittrigger()", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-416: Use After Free", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2025-26601", datePublished: "2025-02-25T15:55:36.775Z", dateReserved: "2025-02-12T14:12:22.796Z", dateUpdated: "2025-03-27T04:22:08.108Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-26595
Vulnerability from cvelistv5
Published
2025-02-25 15:54
Modified
2025-03-27 04:19
Severity ?
EPSS score ?
Summary
A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 ≤ Version: 22.0.0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-26595", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-25T20:05:05.924947Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-25T20:05:22.115Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://gitlab.freedesktop.org/xorg/xserver/", defaultStatus: "unaffected", packageName: "xserver", versions: [ { lessThan: "21.1.16", status: "affected", version: "0", versionType: "semver", }, { lessThan: "24.1.6", status: "affected", version: "22.0.0", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_els:7", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 7 Extended Lifecycle Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.8.0-36.el7_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_els:7", ], defaultStatus: "affected", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 7 Extended Lifecycle Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.20.4-30.el7_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.13.1-15.el8_10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.2::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.9.0-15.el8_2.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-8.el8_4.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-8.el8_4.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-8.el8_4.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-6.el8_6.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-6.el8_6.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-6.el8_6.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-15.el8_8.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.14.1-1.el9_5.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:9.0::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-22.el9_0.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-14.el9_2.10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9.4 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.13.1-8.el9_4.5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unknown", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "xorg-x11-server-Xwayland", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "xorg-x11-server-Xwayland", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, ], datePublic: "2025-02-25T00:00:00.000Z", descriptions: [ { lang: "en", value: "A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-27T04:19:56.000Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2025:2500", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2500", }, { name: "RHSA-2025:2502", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2502", }, { name: "RHSA-2025:2861", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2861", }, { name: "RHSA-2025:2862", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2862", }, { name: "RHSA-2025:2865", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2865", }, { name: "RHSA-2025:2866", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2866", }, { name: "RHSA-2025:2873", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2873", }, { name: "RHSA-2025:2874", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2874", }, { name: "RHSA-2025:2875", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2875", }, { name: "RHSA-2025:2879", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2879", }, { name: "RHSA-2025:2880", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2880", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2025-26595", }, { name: "RHBZ#2345257", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2345257", }, ], timeline: [ { lang: "en", time: "2025-02-12T14:15:00.929000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2025-02-25T00:00:00+00:00", value: "Made public.", }, ], title: "Xorg: xwayland: buffer overflow in xkbvmodmasktext()", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-121: Stack-based Buffer Overflow", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2025-26595", datePublished: "2025-02-25T15:54:06.708Z", dateReserved: "2025-02-12T14:12:22.795Z", dateUpdated: "2025-03-27T04:19:56.000Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-26599
Vulnerability from cvelistv5
Published
2025-02-25 15:55
Modified
2025-03-27 04:21
Severity ?
EPSS score ?
Summary
An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 ≤ Version: 22.0.0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-26599", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-25T16:22:35.562208Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-25T16:22:51.245Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://gitlab.freedesktop.org/xorg/xserver/", defaultStatus: "unaffected", packageName: "xserver", versions: [ { lessThan: "21.1.16", status: "affected", version: "0", versionType: "semver", }, { lessThan: "24.1.6", status: "affected", version: "22.0.0", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_els:7", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 7 Extended Lifecycle Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.8.0-36.el7_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_els:7", ], defaultStatus: "affected", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 7 Extended Lifecycle Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.20.4-30.el7_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.13.1-15.el8_10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.2::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.9.0-15.el8_2.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-8.el8_4.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-8.el8_4.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-8.el8_4.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-6.el8_6.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-6.el8_6.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-6.el8_6.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-15.el8_8.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.14.1-1.el9_5.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:9.0::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-22.el9_0.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-14.el9_2.10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9.4 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.13.1-8.el9_4.5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unknown", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "xorg-x11-server-Xwayland", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "xorg-x11-server-Xwayland", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, ], datePublic: "2025-02-25T00:00:00.000Z", descriptions: [ { lang: "en", value: "An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-824", description: "Access of Uninitialized Pointer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-27T04:21:07.505Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2025:2500", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2500", }, { name: "RHSA-2025:2502", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2502", }, { name: "RHSA-2025:2861", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2861", }, { name: "RHSA-2025:2862", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2862", }, { name: "RHSA-2025:2865", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2865", }, { name: "RHSA-2025:2866", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2866", }, { name: "RHSA-2025:2873", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2873", }, { name: "RHSA-2025:2874", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2874", }, { name: "RHSA-2025:2875", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2875", }, { name: "RHSA-2025:2879", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2879", }, { name: "RHSA-2025:2880", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2880", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2025-26599", }, { name: "RHBZ#2345253", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2345253", }, ], timeline: [ { lang: "en", time: "2025-02-12T14:15:01.808000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2025-02-25T00:00:00+00:00", value: "Made public.", }, ], title: "Xorg: xwayland: use of uninitialized pointer in compredirectwindow()", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-824: Access of Uninitialized Pointer", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2025-26599", datePublished: "2025-02-25T15:55:02.964Z", dateReserved: "2025-02-12T14:12:22.796Z", dateUpdated: "2025-03-27T04:21:07.505Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-3183
Vulnerability from cvelistv5
Published
2024-06-12 08:18
Modified
2024-09-16 19:35
Severity ?
EPSS score ?
Summary
A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public per-principal randomly-generated salt and the user’s password.
If a principal is compromised it means the attacker would be able to retrieve tickets encrypted to any principal, all of them being encrypted by their own key directly. By taking these tickets and salts offline, the attacker could run brute force attacks to find character strings able to decrypt tickets when combined to a principal salt (i.e. find the principal’s password).
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:3754 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:3755 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:3756 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:3757 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:3758 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:3759 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:3760 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:3761 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:3775 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-3183 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2270685 | issue-tracking, x_refsource_REDHAT | |
| https://www.freeipa.org/release-notes/4-12-1.html |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Enterprise Linux 7 |
Unaffected: 0:4.6.8-5.el7_9.17 < * cpe:/o:redhat:enterprise_linux:7::workstation cpe:/o:redhat:enterprise_linux:7::computenode cpe:/o:redhat:enterprise_linux:7::server cpe:/o:redhat:enterprise_linux:7::client |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-3183", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-12T13:41:24.168315Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-12T13:43:10.079Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:05:07.630Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2024:3754", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:3754", }, { name: "RHSA-2024:3755", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:3755", }, { name: "RHSA-2024:3756", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:3756", }, { name: "RHSA-2024:3757", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:3757", }, { name: "RHSA-2024:3758", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:3758", }, { name: "RHSA-2024:3759", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:3759", }, { name: "RHSA-2024:3760", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:3760", }, { name: "RHSA-2024:3761", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:3761", }, { name: "RHSA-2024:3775", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:3775", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2024-3183", }, { name: "RHBZ#2270685", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270685", }, { tags: [ "x_transferred", ], url: "https://www.freeipa.org/release-notes/4-12-1.html", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WT3JL7JQDIAFKKEFARWYES7GZNWGQNCI/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7::workstation", "cpe:/o:redhat:enterprise_linux:7::computenode", "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::client", ], defaultStatus: "affected", packageName: "ipa", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.6.8-5.el7_9.17", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "idm:DL1", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8100020240528133707.823393f5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.2::appstream", ], defaultStatus: "affected", packageName: "idm:DL1", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8020020240530191103.792f4060", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", ], defaultStatus: "affected", packageName: "idm:DL1", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020240528055121.5b01ab7e", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", ], defaultStatus: "affected", packageName: "idm:DL1", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020240528055121.5b01ab7e", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", ], defaultStatus: "affected", packageName: "idm:DL1", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020240528055121.5b01ab7e", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", ], defaultStatus: "affected", packageName: "idm:DL1", product: "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020240530061719.ada582f1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", ], defaultStatus: "affected", packageName: "idm:DL1", product: "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020240530061719.ada582f1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", ], defaultStatus: "affected", packageName: "idm:DL1", product: "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020240530061719.ada582f1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "idm:DL1", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8080020240530051744.b0a6ceea", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb", ], defaultStatus: "affected", packageName: "ipa", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.11.0-15.el9_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/a:redhat:rhel_eus:9.0::appstream", ], defaultStatus: "affected", packageName: "ipa", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.9.8-11.el9_0.3", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::crb", "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "ipa", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:4.10.1-12.el9_2.2", versionType: "rpm", }, ], }, ], credits: [ { lang: "en", value: "Red Hat would like to thank Mikhail Sukhov for reporting this issue.", }, ], datePublic: "2024-06-10T00:00:00+00:00", descriptions: [ { lang: "en", value: "A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public per-principal randomly-generated salt and the user’s password.\r\n\r\nIf a principal is compromised it means the attacker would be able to retrieve tickets encrypted to any principal, all of them being encrypted by their own key directly. By taking these tickets and salts offline, the attacker could run brute force attacks to find character strings able to decrypt tickets when combined to a principal salt (i.e. find the principal’s password).", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-916", description: "Use of Password Hash With Insufficient Computational Effort", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T19:35:31.472Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:3754", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:3754", }, { name: "RHSA-2024:3755", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:3755", }, { name: "RHSA-2024:3756", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:3756", }, { name: "RHSA-2024:3757", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:3757", }, { name: "RHSA-2024:3758", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:3758", }, { name: "RHSA-2024:3759", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:3759", }, { name: "RHSA-2024:3760", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:3760", }, { name: "RHSA-2024:3761", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:3761", }, { name: "RHSA-2024:3775", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:3775", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-3183", }, { name: "RHBZ#2270685", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270685", }, { url: "https://www.freeipa.org/release-notes/4-12-1.html", }, ], timeline: [ { lang: "en", time: "2024-03-21T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-06-10T00:00:00+00:00", value: "Made public.", }, ], title: "Freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force", workarounds: [ { lang: "en", value: "To mitigate this vulnerability, ticket requests to user principals are now disallowed in FreeIPA realms by default. This will keep attackers from obtaining data encrypted with the user key directly.", }, ], x_redhatCweChain: "CWE-916: Use of Password Hash With Insufficient Computational Effort", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-3183", datePublished: "2024-06-12T08:18:51.691Z", dateReserved: "2024-04-02T09:48:54.404Z", dateUpdated: "2024-09-16T19:35:31.472Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-12085
Vulnerability from cvelistv5
Published
2025-01-14 17:37
Modified
2025-03-20 07:05
Severity ?
EPSS score ?
Summary
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 ≤ 3.3.0 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-12085", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T04:55:13.505Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, references: [ { tags: [ "exploit", ], url: "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj", }, ], title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://github.com/RsyncProject/rsync", defaultStatus: "unaffected", packageName: "rsync", versions: [ { lessThanOrEqual: "3.3.0", status: "affected", version: "0", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_els:6", ], defaultStatus: "affected", packageName: "rsync", product: "Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.0.6-12.el6_10.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_els:7", ], defaultStatus: "affected", packageName: "rsync", product: "Red Hat Enterprise Linux 7 Extended Lifecycle Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.1.2-12.el7_9.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8::baseos", ], defaultStatus: "affected", packageName: "rsync", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.1.3-20.el8_10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:8.2::baseos", ], defaultStatus: "affected", packageName: "rsync", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.1.3-7.el8_2.3", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", ], defaultStatus: "affected", packageName: "rsync", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.1.3-12.el8_4.3", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", ], defaultStatus: "affected", packageName: "rsync", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.1.3-12.el8_4.3", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", ], defaultStatus: "affected", packageName: "rsync", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.1.3-12.el8_4.3", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos", ], defaultStatus: "affected", packageName: "rsync", product: "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.1.3-14.el8_6.6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos", ], defaultStatus: "affected", packageName: "rsync", product: "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.1.3-14.el8_6.6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos", ], defaultStatus: "affected", packageName: "rsync", product: "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.1.3-14.el8_6.6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:8.8::baseos", ], defaultStatus: "affected", packageName: "rsync", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.1.3-20.el8_8.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "rsync", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.2.3-20.el9_5.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "rsync", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.2.3-20.el9_5.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_e4s:9.0::baseos", "cpe:/a:redhat:rhel_e4s:9.0::appstream", ], defaultStatus: "affected", packageName: "rsync", product: "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.2.3-9.el9_0.3", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:9.2::baseos", "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "rsync", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.2.3-19.el9_2.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.4::appstream", "cpe:/o:redhat:rhel_eus:9.4::baseos", ], defaultStatus: "affected", packageName: "rsync", product: "Red Hat Enterprise Linux 9.4 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:3.2.3-19.el9_4.1", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.12::el8", ], defaultStatus: "affected", packageName: "rhcos", product: "Red Hat OpenShift Container Platform 4.12", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "412.86.202502100314-0", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.13::el9", "cpe:/a:redhat:openshift:4.13::el8", ], defaultStatus: "affected", packageName: "rhcos", product: "Red Hat OpenShift Container Platform 4.13", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "413.92.202503112237-0", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.14::el8", "cpe:/a:redhat:openshift:4.14::el9", ], defaultStatus: "affected", packageName: "rhcos", product: "Red Hat OpenShift Container Platform 4.14", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "414.92.202502111902-0", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9", ], defaultStatus: "affected", packageName: "rhcos", product: "Red Hat OpenShift Container Platform 4.15", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "415.92.202501281917-0", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.16::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-ansible-rhel9-operator", product: "Red Hat OpenShift Container Platform 4.16", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.16.0-202501311735.p0.g2cb0020.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.16::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-helm-rhel9-operator", product: "Red Hat OpenShift Container Platform 4.16", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.16.0-202501311933.p0.g4246d04.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.16::el9", ], defaultStatus: "affected", packageName: "openshift4/ose-operator-sdk-rhel9", product: "Red Hat OpenShift Container Platform 4.16", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v4.16.0-202501311605.p0.g4246d04.assembly.stream.el9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:openshift:4.17::el9", ], defaultStatus: "affected", packageName: "rhcos", product: "Red Hat OpenShift Container Platform 4.17", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "417.94.202502051822-0", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:logging:5.8::el9", ], defaultStatus: "affected", packageName: "openshift-logging/cluster-logging-operator-bundle", product: "RHOL-5.8-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v5.8.17-22", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:logging:5.8::el9", ], defaultStatus: "affected", packageName: "openshift-logging/cluster-logging-rhel9-operator", product: "RHOL-5.8-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v5.8.17-10", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:logging:5.8::el9", ], defaultStatus: "affected", packageName: "openshift-logging/elasticsearch6-rhel9", product: "RHOL-5.8-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v6.8.1-454", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:logging:5.8::el9", ], defaultStatus: "affected", packageName: "openshift-logging/elasticsearch-operator-bundle", product: "RHOL-5.8-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v5.8.17-17", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:logging:5.8::el9", ], defaultStatus: "affected", packageName: "openshift-logging/elasticsearch-proxy-rhel9", product: "RHOL-5.8-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v1.0.0-537", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:logging:5.8::el9", ], defaultStatus: "affected", packageName: "openshift-logging/elasticsearch-rhel9-operator", product: "RHOL-5.8-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v5.8.17-4", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:logging:5.8::el9", ], defaultStatus: "affected", packageName: "openshift-logging/eventrouter-rhel9", product: "RHOL-5.8-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v0.4.0-339", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:logging:5.8::el9", ], defaultStatus: "affected", packageName: "openshift-logging/fluentd-rhel9", product: "RHOL-5.8-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v5.8.17-4", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:logging:5.8::el9", ], defaultStatus: "affected", packageName: "openshift-logging/log-file-metric-exporter-rhel9", product: "RHOL-5.8-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v1.1.0-320", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:logging:5.8::el9", ], defaultStatus: "affected", packageName: "openshift-logging/logging-curator5-rhel9", product: "RHOL-5.8-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v5.8.1-552", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:logging:5.8::el9", ], defaultStatus: "affected", packageName: "openshift-logging/logging-loki-rhel9", product: "RHOL-5.8-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v3.3.2-9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:logging:5.8::el9", ], defaultStatus: "affected", packageName: "openshift-logging/logging-view-plugin-rhel9", product: "RHOL-5.8-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v5.8.17-5", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:logging:5.8::el9", ], defaultStatus: "affected", packageName: "openshift-logging/loki-operator-bundle", product: "RHOL-5.8-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v5.8.17-12", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:logging:5.8::el9", ], defaultStatus: "affected", packageName: "openshift-logging/loki-rhel9-operator", product: "RHOL-5.8-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v5.8.17-5", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:logging:5.8::el9", ], defaultStatus: "affected", packageName: "openshift-logging/lokistack-gateway-rhel9", product: "RHOL-5.8-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v0.1.0-725", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:logging:5.8::el9", ], defaultStatus: "affected", packageName: "openshift-logging/opa-openshift-rhel9", product: "RHOL-5.8-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v0.1.0-342", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:logging:5.8::el9", ], defaultStatus: "affected", packageName: "openshift-logging/vector-rhel9", product: "RHOL-5.8-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v0.28.1-88", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:logging:5.9::el9", ], defaultStatus: "affected", packageName: "openshift-logging/cluster-logging-operator-bundle", product: "RHOL-5.9-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v5.9.11-25", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:logging:5.9::el9", ], defaultStatus: "affected", packageName: "openshift-logging/cluster-logging-rhel9-operator", product: "RHOL-5.9-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v5.9.11-11", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:logging:5.9::el9", ], defaultStatus: "affected", packageName: "openshift-logging/eventrouter-rhel9", product: "RHOL-5.9-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v0.4.0-340", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:logging:5.9::el9", ], defaultStatus: "affected", packageName: "openshift-logging/fluentd-rhel9", product: "RHOL-5.9-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v5.9.11-5", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:logging:5.9::el9", ], defaultStatus: "affected", packageName: "openshift-logging/log-file-metric-exporter-rhel9", product: "RHOL-5.9-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v1.1.0-321", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:logging:5.9::el9", ], defaultStatus: "affected", packageName: "openshift-logging/logging-loki-rhel9", product: "RHOL-5.9-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v3.3.2-8", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:logging:5.9::el9", ], defaultStatus: "affected", packageName: "openshift-logging/logging-view-plugin-rhel9", product: "RHOL-5.9-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v5.9.11-6", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:logging:5.9::el9", ], defaultStatus: "affected", packageName: "openshift-logging/loki-operator-bundle", product: "RHOL-5.9-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v5.9.11-9", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:logging:5.9::el9", ], defaultStatus: "affected", packageName: "openshift-logging/loki-rhel9-operator", product: "RHOL-5.9-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v5.9.11-4", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:logging:5.9::el9", ], defaultStatus: "affected", packageName: "openshift-logging/lokistack-gateway-rhel9", product: "RHOL-5.9-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v0.1.0-724", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:logging:5.9::el9", ], defaultStatus: "affected", packageName: "openshift-logging/opa-openshift-rhel9", product: "RHOL-5.9-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v0.1.0-341", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:logging:5.9::el9", ], defaultStatus: "affected", packageName: "openshift-logging/vector-rhel9", product: "RHOL-5.9-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "v0.34.1-30", versionType: "rpm", }, ], }, ], credits: [ { lang: "en", value: "Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue.", }, ], datePublic: "2025-01-14T15:06:00.000Z", descriptions: [ { lang: "en", value: "A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-20T07:05:52.614Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2025:0324", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0324", }, { name: "RHSA-2025:0325", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0325", }, { name: "RHSA-2025:0637", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0637", }, { name: "RHSA-2025:0688", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0688", }, { name: "RHSA-2025:0714", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0714", }, { name: "RHSA-2025:0774", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0774", }, { name: "RHSA-2025:0787", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0787", }, { name: "RHSA-2025:0790", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0790", }, { name: "RHSA-2025:0849", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0849", }, { name: "RHSA-2025:0884", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0884", }, { name: "RHSA-2025:0885", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0885", }, { name: "RHSA-2025:1120", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1120", }, { name: "RHSA-2025:1123", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1123", }, { name: "RHSA-2025:1128", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1128", }, { name: "RHSA-2025:1225", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1225", }, { name: "RHSA-2025:1227", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1227", }, { name: "RHSA-2025:1242", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1242", }, { name: "RHSA-2025:1451", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1451", }, { name: "RHSA-2025:2701", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2701", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-12085", }, { name: "RHBZ#2330539", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2330539", }, { url: "https://kb.cert.org/vuls/id/952657", }, ], timeline: [ { lang: "en", time: "2024-12-05T12:06:36.594000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2025-01-14T15:06:00+00:00", value: "Made public.", }, ], title: "Rsync: info leak via uninitialized stack contents", workarounds: [ { lang: "en", value: "Seeing as this vulnerability relies on information leakage coming from the presence of data in the uninitialized memory of the `sum2` buffer, a potential mitigation involves compiling rsync with the `-ftrivial-auto-var-init=zero` option set. This mitigates the issue because it initializes the `sum2` variable's memory with zeroes to prevent uninitialized memory disclosure.", }, ], x_redhatCweChain: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-12085", datePublished: "2025-01-14T17:37:16.036Z", dateReserved: "2024-12-03T08:57:53.329Z", dateUpdated: "2025-03-20T07:05:52.614Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-9632
Vulnerability from cvelistv5
Published
2024-10-30 07:42
Modified
2024-12-26 14:22
Severity ?
EPSS score ?
Summary
A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 1.1.1 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-10-31T19:02:24.167Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "http://www.openwall.com/lists/oss-security/2024/10/29/2", }, { url: "https://lists.debian.org/debian-lts-announce/2024/10/msg00031.html", }, { url: "http://seclists.org/fulldisclosure/2024/Oct/20", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2024-9632", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-30T13:34:32.792082Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-30T13:35:19.624Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://gitlab.freedesktop.org/xorg/xserver/", defaultStatus: "unaffected", packageName: "xorg-server", versions: [ { lessThan: "21.1.14", status: "affected", version: "1.1.1", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_els:7", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 7 Extended Lifecycle Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.8.0-34.el7_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.20.11-25.el8_10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "xorg-x11-server-Xwayland", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:21.1.3-17.el8_10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.13.1-14.el8_10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.2::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.9.0-15.el8_2.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-8.el8_4.11", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-8.el8_4.11", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-8.el8_4.11", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-6.el8_6.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-6.el8_6.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-6.el8_6.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-15.el8_8.11", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.14.1-1.el9_5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:9.0::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-22.el9_0.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-14.el9_2.9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9.4 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.13.1-8.el9_4.4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unknown", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unknown", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "xorg-x11-server-Xwayland", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, ], datePublic: "2024-10-29T00:00:00+00:00", descriptions: [ { lang: "en", value: "A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-26T14:22:23.947Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:10090", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:10090", }, { name: "RHSA-2024:8798", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8798", }, { name: "RHSA-2024:9540", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9540", }, { name: "RHSA-2024:9579", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9579", }, { name: "RHSA-2024:9601", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9601", }, { name: "RHSA-2024:9690", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9690", }, { name: "RHSA-2024:9816", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9816", }, { name: "RHSA-2024:9818", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9818", }, { name: "RHSA-2024:9819", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9819", }, { name: "RHSA-2024:9820", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9820", }, { name: "RHSA-2024:9901", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9901", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-9632", }, { name: "RHBZ#2317233", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2317233", }, ], timeline: [ { lang: "en", time: "2024-10-08T13:37:25.514000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-10-29T00:00:00+00:00", value: "Made public.", }, ], title: "Xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-122: Heap-based Buffer Overflow", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-9632", datePublished: "2024-10-30T07:42:35.320Z", dateReserved: "2024-10-08T13:45:31.259Z", dateUpdated: "2024-12-26T14:22:23.947Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4467
Vulnerability from cvelistv5
Published
2024-07-02 15:57
Modified
2024-11-13 14:26
Severity ?
EPSS score ?
Summary
A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:4276 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4277 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4278 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4372 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4373 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4374 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4420 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4724 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4727 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-4467 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2278875 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 4.0.0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-4467", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-02T18:05:51.892288Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-02T18:05:57.843Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-22T18:03:16.787Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2024:4276", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4276", }, { name: "RHSA-2024:4277", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4277", }, { name: "RHSA-2024:4278", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4278", }, { name: "RHSA-2024:4372", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4372", }, { name: "RHSA-2024:4373", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4373", }, { name: "RHSA-2024:4374", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4374", }, { name: "RHSA-2024:4420", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4420", }, { name: "RHSA-2024:4724", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4724", }, { name: "RHSA-2024:4727", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4727", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2024-4467", }, { name: "RHBZ#2278875", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278875", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/23/2", }, { url: "https://security.netapp.com/advisory/ntap-20240822-0005/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://gitlab.com/qemu-project/qemu", defaultStatus: "unaffected", packageName: "qemu", versions: [ { lessThan: "9.1.0", status: "affected", version: "4.0.0", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_virtualization:8.2::el8", ], defaultStatus: "affected", packageName: "virt:8.2", product: "Advanced Virtualization for RHEL 8.2.1", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8020120240708124623.863bb0db", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_virtualization:8.4::el8", ], defaultStatus: "affected", packageName: "virt:av", product: "Advanced Virtualization for RHEL 8.4.0.EUS", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020240708093550.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_virtualization:8.4::el8", ], defaultStatus: "affected", packageName: "virt-devel:av", product: "Advanced Virtualization for RHEL 8.4.0.EUS", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020240708093550.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "virt-devel:rhel", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8100020240704072441.489197e6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "virt:rhel", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8100020240704072441.489197e6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", ], defaultStatus: "affected", packageName: "virt:rhel", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020240703100448.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", ], defaultStatus: "affected", packageName: "virt:rhel", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020240703100448.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", ], defaultStatus: "affected", packageName: "virt:rhel", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020240703100448.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", ], defaultStatus: "affected", packageName: "virt:rhel", product: "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020240703092415.ad008a3a", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", ], defaultStatus: "affected", packageName: "virt:rhel", product: "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020240703092415.ad008a3a", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", ], defaultStatus: "affected", packageName: "virt:rhel", product: "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020240703092415.ad008a3a", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::crb", "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "virt-devel:rhel", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8080020240703085245.63b34585", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::crb", "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "virt:rhel", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8080020240703085245.63b34585", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "qemu-kvm", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "17:8.2.0-11.el9_4.4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:9.0::appstream", ], defaultStatus: "affected", packageName: "qemu-kvm", product: "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "17:6.2.0-11.el9_0.9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "qemu-kvm", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "17:7.2.0-14.el9_2.11", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unaffected", packageName: "qemu-kvm", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unaffected", packageName: "qemu-kvm", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unaffected", packageName: "qemu-kvm-ma", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:advanced_virtualization:8::el8", ], defaultStatus: "affected", packageName: "virt:av/qemu-kvm", product: "Red Hat Enterprise Linux 8 Advanced Virtualization", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:container_native_virtualization:4", ], defaultStatus: "affected", packageName: "container-native-virtualization/virt-cdi-operator-rhel9", product: "Red Hat OpenShift Virtualization 4", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "Red Hat would like to thank Martin Kaesberger for reporting this issue.", }, ], datePublic: "2024-07-02T15:00:00+00:00", descriptions: [ { lang: "en", value: "A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-13T14:26:07.158Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:4276", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4276", }, { name: "RHSA-2024:4277", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4277", }, { name: "RHSA-2024:4278", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4278", }, { name: "RHSA-2024:4372", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4372", }, { name: "RHSA-2024:4373", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4373", }, { name: "RHSA-2024:4374", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4374", }, { name: "RHSA-2024:4420", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4420", }, { name: "RHSA-2024:4724", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4724", }, { name: "RHSA-2024:4727", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4727", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-4467", }, { name: "RHBZ#2278875", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278875", }, ], timeline: [ { lang: "en", time: "2024-05-02T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-07-02T15:00:00+00:00", value: "Made public.", }, ], title: "Qemu-kvm: 'qemu-img info' leads to host file read/write", x_redhatCweChain: "CWE-20->(CWE-200|CWE-400): Improper Input Validation leads to Exposure of Sensitive Information to an Unauthorized Actor or Uncontrolled Resource Consumption", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-4467", datePublished: "2024-07-02T15:57:23.648Z", dateReserved: "2024-05-03T09:44:14.000Z", dateUpdated: "2024-11-13T14:26:07.158Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-26598
Vulnerability from cvelistv5
Published
2025-02-25 15:54
Modified
2025-03-27 04:20
Severity ?
EPSS score ?
Summary
An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 ≤ Version: 22.0.0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-26598", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-25T16:24:04.385893Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-25T16:24:43.094Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://gitlab.freedesktop.org/xorg/xserver/", defaultStatus: "unaffected", packageName: "xserver", versions: [ { lessThan: "21.1.16", status: "affected", version: "0", versionType: "semver", }, { lessThan: "24.1.6", status: "affected", version: "22.0.0", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_els:7", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 7 Extended Lifecycle Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.8.0-36.el7_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_els:7", ], defaultStatus: "affected", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 7 Extended Lifecycle Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.20.4-30.el7_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.13.1-15.el8_10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.2::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.9.0-15.el8_2.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-8.el8_4.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-8.el8_4.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-8.el8_4.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-6.el8_6.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-6.el8_6.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-6.el8_6.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-15.el8_8.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.14.1-1.el9_5.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:9.0::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-22.el9_0.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-14.el9_2.10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9.4 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.13.1-8.el9_4.5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unknown", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "xorg-x11-server-Xwayland", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "xorg-x11-server-Xwayland", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, ], datePublic: "2025-02-25T00:00:00.000Z", descriptions: [ { lang: "en", value: "An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-27T04:20:45.713Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2025:2500", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2500", }, { name: "RHSA-2025:2502", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2502", }, { name: "RHSA-2025:2861", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2861", }, { name: "RHSA-2025:2862", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2862", }, { name: "RHSA-2025:2865", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2865", }, { name: "RHSA-2025:2866", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2866", }, { name: "RHSA-2025:2873", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2873", }, { name: "RHSA-2025:2874", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2874", }, { name: "RHSA-2025:2875", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2875", }, { name: "RHSA-2025:2879", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2879", }, { name: "RHSA-2025:2880", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2880", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2025-26598", }, { name: "RHBZ#2345254", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2345254", }, ], timeline: [ { lang: "en", time: "2025-02-12T14:15:01.664000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2025-02-25T00:00:00+00:00", value: "Made public.", }, ], title: "Xorg: xwayland: out-of-bounds write in createpointerbarrierclient()", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-787: Out-of-bounds Write", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2025-26598", datePublished: "2025-02-25T15:54:57.355Z", dateReserved: "2025-02-12T14:12:22.796Z", dateUpdated: "2025-03-27T04:20:45.713Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-0624
Vulnerability from cvelistv5
Published
2025-02-19 18:23
Modified
2025-03-31 04:05
Severity ?
EPSS score ?
Summary
A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected: 1:2.02-0.87.el7_9.15 < * cpe:/o:redhat:rhel_els:7 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-0624", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-19T18:39:10.861038Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-19T18:39:29.836Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_els:7", ], defaultStatus: "affected", packageName: "grub2", product: "Red Hat Enterprise Linux 7 Extended Lifecycle Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:2.02-0.87.el7_9.15", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8::baseos", ], defaultStatus: "affected", packageName: "grub2", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:2.02-162.el8_10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:8.2::baseos", ], defaultStatus: "affected", packageName: "grub2", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:2.02-87.el8_2.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_e4s:8.4::baseos", ], defaultStatus: "affected", packageName: "grub2", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:2.02-99.el8_4.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_e4s:8.4::baseos", ], defaultStatus: "affected", packageName: "grub2", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:2.02-99.el8_4.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_e4s:8.4::baseos", ], defaultStatus: "affected", packageName: "grub2", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:2.02-99.el8_4.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos", ], defaultStatus: "affected", packageName: "grub2", product: "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:2.02-123.el8_6.18", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos", ], defaultStatus: "affected", packageName: "grub2", product: "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:2.02-123.el8_6.18", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos", ], defaultStatus: "affected", packageName: "grub2", product: "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:2.02-123.el8_6.18", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:8.8::baseos", ], defaultStatus: "affected", packageName: "grub2", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:2.02-152.el8_8.2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9::baseos", ], defaultStatus: "affected", packageName: "grub2", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:2.06-94.el9_5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_e4s:9.0::baseos", ], defaultStatus: "affected", packageName: "grub2", product: "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:2.06-27.el9_0.22", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:9.2::baseos", ], defaultStatus: "affected", packageName: "grub2", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:2.06-61.el9_2.10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:9.4::baseos", ], defaultStatus: "affected", packageName: "grub2", product: "Red Hat Enterprise Linux 9.4 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1:2.06-86.el9_4.2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "rhcos", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, ], datePublic: "2025-02-18T18:00:00.000Z", descriptions: [ { lang: "en", value: "A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-31T04:05:59.322Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2025:2521", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2521", }, { name: "RHSA-2025:2653", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2653", }, { name: "RHSA-2025:2655", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2655", }, { name: "RHSA-2025:2675", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2675", }, { name: "RHSA-2025:2784", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2784", }, { name: "RHSA-2025:2799", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2799", }, { name: "RHSA-2025:2867", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2867", }, { name: "RHSA-2025:2869", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2869", }, { name: "RHSA-2025:3367", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:3367", }, { name: "RHSA-2025:3396", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:3396", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2025-0624", }, { name: "RHBZ#2346112", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2346112", }, ], timeline: [ { lang: "en", time: "2025-02-17T14:35:38.127000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2025-02-18T18:00:00+00:00", value: "Made public.", }, ], title: "Grub2: net: out-of-bounds write in grub_net_search_config_file()", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-787: Out-of-bounds Write", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2025-0624", datePublished: "2025-02-19T18:23:21.463Z", dateReserved: "2025-01-21T16:49:51.381Z", dateUpdated: "2025-03-31T04:05:59.322Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-9050
Vulnerability from cvelistv5
Published
2024-10-22 12:14
Modified
2024-12-18 16:14
Severity ?
EPSS score ?
Summary
A flaw was found in the libreswan client plugin for NetworkManager (NetkworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading the application to interpret values as keys. One of the most critical parameters that could be abused by a malicious user is the `leftupdown`key. This key takes an executable command as a value and is used to specify what executes as a callback in NetworkManager-libreswan to retrieve configuration settings back to NetworkManager. As NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root in the targeted machine by creating a malicious configuration.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-9050", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-22T13:03:43.771304Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-22T13:08:22.196Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-10-25T03:09:04.241Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "http://www.openwall.com/lists/oss-security/2024/10/25/1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://gitlab.gnome.org/GNOME/NetworkManager-libreswan/", defaultStatus: "unaffected", packageName: "NetworkManager-libreswan", versions: [ { lessThan: "1.2.24", status: "affected", version: "0", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:7.7::server", ], defaultStatus: "affected", packageName: "NetworkManager-libreswan", product: "Red Hat Enterprise Linux 7.7 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.2.4-4.el7_7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_els:7", ], defaultStatus: "affected", packageName: "NetworkManager-libreswan", product: "Red Hat Enterprise Linux 7 Extended Lifecycle Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.2.4-4.el7_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "NetworkManager-libreswan", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.2.10-7.el8_10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.2::appstream", ], defaultStatus: "affected", packageName: "NetworkManager-libreswan", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.2.10-6.el8_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "NetworkManager-libreswan", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.2.10-6.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "NetworkManager-libreswan", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.2.10-6.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "NetworkManager-libreswan", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.2.10-6.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", ], defaultStatus: "affected", packageName: "NetworkManager-libreswan", product: "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.2.10-6.el8_6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", ], defaultStatus: "affected", packageName: "NetworkManager-libreswan", product: "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.2.10-6.el8_6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", ], defaultStatus: "affected", packageName: "NetworkManager-libreswan", product: "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.2.10-6.el8_6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "NetworkManager-libreswan", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.2.10-6.el8_8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "NetworkManager-libreswan", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.2.22-4.el9_5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:9.0::appstream", ], defaultStatus: "affected", packageName: "NetworkManager-libreswan", product: "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.2.14-3.el9_0", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "NetworkManager-libreswan", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.2.14-6.el9_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.4::appstream", ], defaultStatus: "affected", packageName: "NetworkManager-libreswan", product: "Red Hat Enterprise Linux 9.4 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.2.18-6.el9_4", versionType: "rpm", }, ], }, ], datePublic: "2024-10-22T12:00:00+00:00", descriptions: [ { lang: "en", value: "A flaw was found in the libreswan client plugin for NetworkManager (NetkworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading the application to interpret values as keys. One of the most critical parameters that could be abused by a malicious user is the `leftupdown`key. This key takes an executable command as a value and is used to specify what executes as a callback in NetworkManager-libreswan to retrieve configuration settings back to NetworkManager. As NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root in the targeted machine by creating a malicious configuration.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-18T16:14:08.430Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:8312", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8312", }, { name: "RHSA-2024:8338", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8338", }, { name: "RHSA-2024:8352", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8352", }, { name: "RHSA-2024:8353", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8353", }, { name: "RHSA-2024:8354", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8354", }, { name: "RHSA-2024:8355", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8355", }, { name: "RHSA-2024:8356", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8356", }, { name: "RHSA-2024:8357", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8357", }, { name: "RHSA-2024:8358", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:8358", }, { name: "RHSA-2024:9555", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9555", }, { name: "RHSA-2024:9556", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9556", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-9050", }, { name: "RHBZ#2313828", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313828", }, { url: "https://www.openwall.com/lists/oss-security/2024/10/25/1", }, ], timeline: [ { lang: "en", time: "2024-09-19T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-10-22T12:00:00+00:00", value: "Made public.", }, ], title: "Networkmanager-libreswan: local privilege escalation via leftupdown", workarounds: [ { lang: "en", value: "A mitigation for this issue is either unavailable or the existing options do not meet Red Hat Product Security's standards for ease of use, deployment, widespread applicability, or stability. \n\nOne potential approach is to prevent local users from controlling networking through polkit. However, this would also block them from connecting to new Wi-Fi networks, which is not ideal for laptops but might be acceptable for workstations. Server customers typically don't need to be concerned, as they generally don't have local users capable of exploiting the bug.", }, ], x_redhatCweChain: "CWE-94: Improper Control of Generation of Code ('Code Injection')", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-9050", datePublished: "2024-10-22T12:14:31.701Z", dateReserved: "2024-09-20T18:25:24.574Z", dateUpdated: "2024-12-18T16:14:08.430Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-4727
Vulnerability from cvelistv5
Published
2024-06-11 19:30
Modified
2024-12-06 14:50
Severity ?
EPSS score ?
Summary
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:4051 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4070 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4164 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4165 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4179 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4222 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4367 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4403 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:4413 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-4727 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2232218 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 ≤ |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-4727", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-11T20:43:47.420318Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-12T12:00:14.636Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T07:38:00.502Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2024:4051", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4051", }, { name: "RHSA-2024:4070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4070", }, { name: "RHSA-2024:4164", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4164", }, { name: "RHSA-2024:4165", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4165", }, { name: "RHSA-2024:4179", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4179", }, { name: "RHSA-2024:4222", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4222", }, { name: "RHSA-2024:4367", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4367", }, { name: "RHSA-2024:4403", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4403", }, { name: "RHSA-2024:4413", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:4413", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-4727", }, { name: "RHBZ#2232218", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2232218", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://www.keycloak.org/", defaultStatus: "unaffected", packageName: "keycloak", versions: [ { lessThan: "11.5.1", status: "affected", version: "0", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:certificate_system_eus:10.4::el8", ], defaultStatus: "affected", packageName: "redhat-pki:10", product: "Red Hat Certificate System 10.4 EUS for RHEL-8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020240529205458.07fb4edf", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7::workstation", "cpe:/o:redhat:enterprise_linux:7::computenode", "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::client", ], defaultStatus: "affected", packageName: "pki-core", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:10.5.18-32.el7_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "pki-core:10.6", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8100020240614102443.82f485b7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "pki-core:10.6", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020240329193548.17df0a3f", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "pki-core:10.6", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020240329193548.17df0a3f", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "pki-core:10.6", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020240329193548.17df0a3f", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", ], defaultStatus: "affected", packageName: "pki-core:10.6", product: "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020240329182634.60523a7b", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", ], defaultStatus: "affected", packageName: "pki-core:10.6", product: "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020240329182634.60523a7b", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", ], defaultStatus: "affected", packageName: "pki-core:10.6", product: "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020240329182634.60523a7b", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "pki-core:10.6", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8080020240329143735.693a3987", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "pki-core", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:11.5.0-2.el9_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:9.0::appstream", ], defaultStatus: "affected", packageName: "pki-core", product: "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:11.0.6-3.el9_0", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "pki-core", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:11.3.0-2.el9_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unknown", packageName: "pki-core", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "Red Hat would like to thank Pham Van Khanh (Calif) for reporting this issue.", }, ], datePublic: "2024-06-11T00:00:00+00:00", descriptions: [ { lang: "en", value: "A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-305", description: "Authentication Bypass by Primary Weakness", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-06T14:50:26.889Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:4051", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4051", }, { name: "RHSA-2024:4070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4070", }, { name: "RHSA-2024:4164", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4164", }, { name: "RHSA-2024:4165", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4165", }, { name: "RHSA-2024:4179", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4179", }, { name: "RHSA-2024:4222", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4222", }, { name: "RHSA-2024:4367", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4367", }, { name: "RHSA-2024:4403", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4403", }, { name: "RHSA-2024:4413", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:4413", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-4727", }, { name: "RHBZ#2232218", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2232218", }, ], timeline: [ { lang: "en", time: "2023-08-15T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-06-11T00:00:00+00:00", value: "Made public.", }, ], title: "Ca: token authentication bypass vulnerability", x_redhatCweChain: "CWE-305: Authentication Bypass by Primary Weakness", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-4727", datePublished: "2024-06-11T19:30:25.613Z", dateReserved: "2023-09-01T20:44:55.077Z", dateUpdated: "2024-12-06T14:50:26.889Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-26594
Vulnerability from cvelistv5
Published
2025-02-25 15:53
Modified
2025-03-27 04:19
Severity ?
EPSS score ?
Summary
A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 ≤ Version: 22.0.0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-26594", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-25T20:13:53.357050Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-25T20:14:16.754Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://gitlab.freedesktop.org/xorg/xserver/", defaultStatus: "unaffected", packageName: "xserver", versions: [ { lessThan: "21.1.16", status: "affected", version: "0", versionType: "semver", }, { lessThan: "24.1.6", status: "affected", version: "22.0.0", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_els:7", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 7 Extended Lifecycle Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.8.0-36.el7_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_els:7", ], defaultStatus: "affected", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 7 Extended Lifecycle Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.20.4-30.el7_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.13.1-15.el8_10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.2::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.9.0-15.el8_2.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-8.el8_4.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-8.el8_4.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-8.el8_4.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-6.el8_6.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-6.el8_6.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-6.el8_6.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-15.el8_8.12", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.14.1-1.el9_5.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:9.0::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.11.0-22.el9_0.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.12.0-14.el9_2.10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.4::appstream", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 9.4 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.13.1-8.el9_4.5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "affected", packageName: "tigervnc", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unknown", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "xorg-x11-server-Xwayland", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "xorg-x11-server", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "xorg-x11-server-Xwayland", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, ], datePublic: "2025-02-25T00:00:00.000Z", descriptions: [ { lang: "en", value: "A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-27T04:19:40.033Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2025:2500", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2500", }, { name: "RHSA-2025:2502", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2502", }, { name: "RHSA-2025:2861", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2861", }, { name: "RHSA-2025:2862", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2862", }, { name: "RHSA-2025:2865", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2865", }, { name: "RHSA-2025:2866", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2866", }, { name: "RHSA-2025:2873", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2873", }, { name: "RHSA-2025:2874", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2874", }, { name: "RHSA-2025:2875", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2875", }, { name: "RHSA-2025:2879", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2879", }, { name: "RHSA-2025:2880", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:2880", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2025-26594", }, { name: "RHBZ#2345248", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2345248", }, ], timeline: [ { lang: "en", time: "2025-02-12T14:14:54.698000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2025-02-25T00:00:00+00:00", value: "Made public.", }, ], title: "X.org: xwayland: use-after-free of the root cursor", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-416: Use After Free", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2025-26594", datePublished: "2025-02-25T15:53:51.324Z", dateReserved: "2025-02-12T14:12:22.795Z", dateUpdated: "2025-03-27T04:19:40.033Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-11614
Vulnerability from cvelistv5
Published
2024-12-18 08:30
Modified
2025-02-26 11:56
Severity ?
EPSS score ?
Summary
An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2025:0208 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2025:0209 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2025:0210 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2025:0211 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2025:0220 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2025:0221 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2025:0222 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-11614 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2327955 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 21.05 ≤ |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-12-18T09:03:01.520Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "http://www.openwall.com/lists/oss-security/2024/12/17/3", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2024-11614", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-18T14:47:13.057559Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-18T14:48:14.956Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://git.dpdk.org/dpdk-stable/", defaultStatus: "unaffected", packageName: "dpdk", versions: [ { lessThan: "21.11-4", status: "affected", version: "21.05", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "dpdk", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:23.11-2.el8_10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", ], defaultStatus: "affected", packageName: "dpdk", product: "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:21.11-3.el8_6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", ], defaultStatus: "affected", packageName: "dpdk", product: "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:21.11-3.el8_6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", ], defaultStatus: "affected", packageName: "dpdk", product: "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:21.11-3.el8_6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "dpdk", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:21.11-4.el8_8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "dpdk", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:23.11-2.el9_5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:9.0::appstream", ], defaultStatus: "affected", packageName: "dpdk", product: "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:21.11-3.el9_0", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "dpdk", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:22.11-4.el9_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.4::appstream", ], defaultStatus: "affected", packageName: "dpdk", product: "Red Hat Enterprise Linux 9.4 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "2:23.11-2.el9_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7::fastdatapath", ], defaultStatus: "unaffected", packageName: "dpdk", product: "Fast Datapath for RHEL 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7::fastdatapath", ], defaultStatus: "unaffected", packageName: "openvswitch", product: "Fast Datapath for RHEL 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7::fastdatapath", ], defaultStatus: "unaffected", packageName: "openvswitch2.10", product: "Fast Datapath for RHEL 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7::fastdatapath", ], defaultStatus: "unaffected", packageName: "openvswitch2.11", product: "Fast Datapath for RHEL 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7::fastdatapath", ], defaultStatus: "unaffected", packageName: "openvswitch2.12", product: "Fast Datapath for RHEL 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath", ], defaultStatus: "unaffected", packageName: "openvswitch2.11", product: "Fast Datapath for RHEL 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath", ], defaultStatus: "unaffected", packageName: "openvswitch2.12", product: "Fast Datapath for RHEL 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath", ], defaultStatus: "unaffected", packageName: "openvswitch2.13", product: "Fast Datapath for RHEL 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath", ], defaultStatus: "unaffected", packageName: "openvswitch2.15", product: "Fast Datapath for RHEL 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath", ], defaultStatus: "unaffected", packageName: "openvswitch2.16", product: "Fast Datapath for RHEL 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath", ], defaultStatus: "unaffected", packageName: "openvswitch2.17", product: "Fast Datapath for RHEL 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath", ], defaultStatus: "unaffected", packageName: "openvswitch3.1", product: "Fast Datapath for RHEL 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9::fastdatapath", ], defaultStatus: "unaffected", packageName: "openvswitch2.17", product: "Fast Datapath for RHEL 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9::fastdatapath", ], defaultStatus: "unaffected", packageName: "openvswitch3.0", product: "Fast Datapath for RHEL 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9::fastdatapath", ], defaultStatus: "unaffected", packageName: "openvswitch3.1", product: "Fast Datapath for RHEL 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9::fastdatapath", ], defaultStatus: "unaffected", packageName: "openvswitch3.2", product: "Fast Datapath for RHEL 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9::fastdatapath", ], defaultStatus: "unaffected", packageName: "openvswitch3.3", product: "Fast Datapath for RHEL 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9::fastdatapath", ], defaultStatus: "unaffected", packageName: "openvswitch3.4", product: "Fast Datapath for RHEL 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openvswitch2.17", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openvswitch3.0", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openvswitch3.1", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, ], datePublic: "2024-12-17T00:00:00.000Z", descriptions: [ { lang: "en", value: "An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.0", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-26T11:56:36.361Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2025:0208", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0208", }, { name: "RHSA-2025:0209", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0209", }, { name: "RHSA-2025:0210", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0210", }, { name: "RHSA-2025:0211", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0211", }, { name: "RHSA-2025:0220", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0220", }, { name: "RHSA-2025:0221", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0221", }, { name: "RHSA-2025:0222", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0222", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-11614", }, { name: "RHBZ#2327955", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2327955", }, ], timeline: [ { lang: "en", time: "2024-11-22T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-12-17T00:00:00+00:00", value: "Made public.", }, ], title: "Dpdk: denial of service from malicious guest on hypervisors using dpdk vhost library", x_redhatCweChain: "CWE-125: Out-of-bounds Read", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-11614", datePublished: "2024-12-18T08:30:49.729Z", dateReserved: "2024-11-22T04:21:45.124Z", dateUpdated: "2025-02-26T11:56:36.361Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45769
Vulnerability from cvelistv5
Published
2024-09-19 08:45
Modified
2024-12-26 14:24
Severity ?
EPSS score ?
Summary
A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:6837 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:6840 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:6842 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:6843 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:6844 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:6846 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:6847 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:6848 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:9452 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-45769 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2310452 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-45769", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-19T13:39:40.637961Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-19T13:39:52.390Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://github.com/performancecopilot/pcp", defaultStatus: "affected", packageName: "pcp", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "pcp", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.3.7-22.el8_10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.2::appstream", ], defaultStatus: "affected", packageName: "pcp", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.0.2-9.el8_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", ], defaultStatus: "affected", packageName: "pcp", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.2.5-8.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", ], defaultStatus: "affected", packageName: "pcp", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.2.5-8.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", ], defaultStatus: "affected", packageName: "pcp", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.2.5-8.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", ], defaultStatus: "affected", packageName: "pcp", product: "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.3.5-10.el8_6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", ], defaultStatus: "affected", packageName: "pcp", product: "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.3.5-10.el8_6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", ], defaultStatus: "affected", packageName: "pcp", product: "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.3.5-10.el8_6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "pcp", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.3.7-19.el8_8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "pcp", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:6.2.0-5.el9_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "pcp", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:6.2.2-7.el9_5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:9.0::appstream", ], defaultStatus: "affected", packageName: "pcp", product: "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.3.5-10.el9_0", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "pcp", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:6.0.1-8.el9_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unknown", packageName: "pcp", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unknown", packageName: "pcp", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, ], datePublic: "2024-09-17T00:00:00+00:00", descriptions: [ { lang: "en", value: "A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-26T14:24:08.142Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:6837", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:6837", }, { name: "RHSA-2024:6840", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:6840", }, { name: "RHSA-2024:6842", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:6842", }, { name: "RHSA-2024:6843", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:6843", }, { name: "RHSA-2024:6844", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:6844", }, { name: "RHSA-2024:6846", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:6846", }, { name: "RHSA-2024:6847", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:6847", }, { name: "RHSA-2024:6848", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:6848", }, { name: "RHSA-2024:9452", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9452", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-45769", }, { name: "RHBZ#2310452", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310452", }, ], timeline: [ { lang: "en", time: "2024-09-06T17:07:45.533000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-09-17T00:00:00+00:00", value: "Made public.", }, ], title: "Pcp: pmcd heap corruption through metric pmstore operations", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-787: Out-of-bounds Write", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-45769", datePublished: "2024-09-19T08:45:06.247Z", dateReserved: "2024-09-06T14:56:44.790Z", dateUpdated: "2024-12-26T14:24:08.142Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-52337
Vulnerability from cvelistv5
Published
2024-11-26 15:21
Modified
2025-02-25 11:46
Severity ?
EPSS score ?
Summary
A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 2.23.0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-52337", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-26T15:57:55.472014Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-26T15:58:21.678Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-11-29T04:33:54.110Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://www.openwall.com/lists/oss-security/2024/11/28/2", }, { url: "https://security.opensuse.org/2024/11/26/tuned-instance-create.html", }, ], title: "CVE Program Container", x_generator: { engine: "ADPogram 0.0.1", }, }, ], cna: { affected: [ { collectionURL: "https://github.com/redhat-performance/tuned", defaultStatus: "unaffected", packageName: "tuned", versions: [ { lessThan: "2.24.1", status: "affected", version: "2.23.0", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7::fastdatapath", ], defaultStatus: "affected", packageName: "tuned", product: "Fast Datapath for Red Hat Enterprise Linux 7", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.11.0-5.el7fdp.2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8::fastdatapath", ], defaultStatus: "affected", packageName: "tuned", product: "Fast Datapath for Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.24.0-2.1.20240819gitc082797f.el8fdp", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9::fastdatapath", ], defaultStatus: "affected", packageName: "tuned", product: "Fast Datapath for Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.24.0-2.1.20240819gitc082797f.el9fdp", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_extras_rt_els:7", "cpe:/o:redhat:rhel_els:7", "cpe:/a:redhat:rhel_extras_sap_hana_els:7", "cpe:/a:redhat:rhel_extras_sap_els:7", ], defaultStatus: "affected", packageName: "tuned", product: "Red Hat Enterprise Linux 7 Extended Lifecycle Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.11.0-13.el7_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_extras_rt_els:7", "cpe:/o:redhat:rhel_els:7", "cpe:/a:redhat:rhel_extras_sap_hana_els:7", "cpe:/a:redhat:rhel_extras_sap_els:7", ], defaultStatus: "affected", packageName: "tuned", product: "Red Hat Enterprise Linux 7 Extended Lifecycle Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.11.0-13.el7_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::sap", "cpe:/a:redhat:enterprise_linux:8::sap_hana", "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/o:redhat:enterprise_linux:8::baseos", ], defaultStatus: "affected", packageName: "tuned", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.22.1-5.el8_10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::sap", "cpe:/a:redhat:enterprise_linux:8::sap_hana", "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/o:redhat:enterprise_linux:8::baseos", ], defaultStatus: "affected", packageName: "tuned", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.22.1-5.el8_10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::nfv", "cpe:/a:redhat:rhel_tus:8.4::realtime", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/a:redhat:rhel_e4s:8.4::sap_hana", "cpe:/a:redhat:rhel_e4s:8.4::sap", ], defaultStatus: "affected", packageName: "tuned", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.20.0-1.el8_4.2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::nfv", "cpe:/a:redhat:rhel_tus:8.4::realtime", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/a:redhat:rhel_e4s:8.4::sap_hana", "cpe:/a:redhat:rhel_e4s:8.4::sap", ], defaultStatus: "affected", packageName: "tuned", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.20.0-1.el8_4.2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::nfv", "cpe:/a:redhat:rhel_tus:8.4::realtime", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/a:redhat:rhel_e4s:8.4::sap_hana", "cpe:/a:redhat:rhel_e4s:8.4::sap", ], defaultStatus: "affected", packageName: "tuned", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.20.0-1.el8_4.2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.6::realtime", "cpe:/a:redhat:rhel_e4s:8.6::sap_hana", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/a:redhat:rhel_tus:8.6::nfv", "cpe:/a:redhat:rhel_e4s:8.6::nfv", "cpe:/a:redhat:rhel_e4s:8.6::sap", "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/o:redhat:rhel_aus:8.6::baseos", ], defaultStatus: "affected", packageName: "tuned", product: "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.20.0-1.el8_6.2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.6::realtime", "cpe:/a:redhat:rhel_e4s:8.6::sap_hana", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/a:redhat:rhel_tus:8.6::nfv", "cpe:/a:redhat:rhel_e4s:8.6::nfv", "cpe:/a:redhat:rhel_e4s:8.6::sap", "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/o:redhat:rhel_aus:8.6::baseos", ], defaultStatus: "affected", packageName: "tuned", product: "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.20.0-1.el8_6.2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.6::realtime", "cpe:/a:redhat:rhel_e4s:8.6::sap_hana", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/a:redhat:rhel_tus:8.6::appstream", "cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/a:redhat:rhel_tus:8.6::nfv", "cpe:/a:redhat:rhel_e4s:8.6::nfv", "cpe:/a:redhat:rhel_e4s:8.6::sap", "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/o:redhat:rhel_aus:8.6::baseos", ], defaultStatus: "affected", packageName: "tuned", product: "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.20.0-1.el8_6.2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::sap_hana", "cpe:/a:redhat:rhel_eus:8.8::realtime", "cpe:/a:redhat:rhel_eus:8.8::appstream", "cpe:/a:redhat:rhel_eus:8.8::sap", "cpe:/o:redhat:rhel_eus:8.8::baseos", "cpe:/a:redhat:rhel_eus:8.8::nfv", ], defaultStatus: "affected", packageName: "tuned", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.20.0-2.el8_8.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::sap", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::sap_hana", ], defaultStatus: "affected", packageName: "tuned", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.24.0-2.el9_5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::sap", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::sap_hana", ], defaultStatus: "affected", packageName: "tuned", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.24.0-2.el9_5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::realtime", "cpe:/a:redhat:rhel_eus:9.2::nfv", "cpe:/a:redhat:rhel_eus:9.2::sap", "cpe:/o:redhat:rhel_eus:9.2::baseos", "cpe:/a:redhat:rhel_eus:9.2::appstream", "cpe:/a:redhat:rhel_eus:9.2::sap_hana", ], defaultStatus: "affected", packageName: "tuned", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.20.0-3.el9_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.4::sap_hana", "cpe:/a:redhat:rhel_eus:9.4::appstream", "cpe:/a:redhat:rhel_eus:9.4::sap", "cpe:/o:redhat:rhel_eus:9.4::baseos", "cpe:/a:redhat:rhel_eus:9.4::nfv", "cpe:/a:redhat:rhel_eus:9.4::realtime", ], defaultStatus: "affected", packageName: "tuned", product: "Red Hat Enterprise Linux 9.4 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:2.22.1-3.el9_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unknown", packageName: "tuned", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "Red Hat would like to thank Matthias Gerstner (SUSE Security Team) for reporting this issue.", }, ], datePublic: "2024-11-26T12:00:00.000Z", descriptions: [ { lang: "en", value: "A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-25T11:46:21.468Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:10381", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:10381", }, { name: "RHSA-2024:10384", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:10384", }, { name: "RHSA-2024:11161", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:11161", }, { name: "RHSA-2025:0195", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0195", }, { name: "RHSA-2025:0327", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0327", }, { name: "RHSA-2025:0368", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0368", }, { name: "RHSA-2025:0879", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0879", }, { name: "RHSA-2025:0880", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0880", }, { name: "RHSA-2025:0881", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:0881", }, { name: "RHSA-2025:1785", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1785", }, { name: "RHSA-2025:1802", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2025:1802", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-52337", }, { name: "RHBZ#2324541", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2324541", }, { url: "https://security.opensuse.org/2024/11/26/tuned-instance-create.html", }, { url: "https://www.openwall.com/lists/oss-security/2024/11/28/1", }, ], timeline: [ { lang: "en", time: "2024-11-08T12:56:07.615000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-11-26T12:00:00+00:00", value: "Made public.", }, ], title: "Tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-20: Improper Input Validation", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-52337", datePublished: "2024-11-26T15:21:17.538Z", dateReserved: "2024-11-08T13:09:39.005Z", dateUpdated: "2025-02-25T11:46:21.468Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45770
Vulnerability from cvelistv5
Published
2024-09-19 08:45
Modified
2024-12-26 14:24
Severity ?
EPSS score ?
Summary
A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:6837 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:6840 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:6842 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:6843 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:6844 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:6846 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:6847 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:6848 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:9452 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-45770 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2310451 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-45770", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-19T13:39:14.632000Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-19T13:39:25.166Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://github.com/performancecopilot/pcp", defaultStatus: "affected", packageName: "pcp", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "pcp", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.3.7-22.el8_10", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.2::appstream", ], defaultStatus: "affected", packageName: "pcp", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.0.2-9.el8_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", ], defaultStatus: "affected", packageName: "pcp", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.2.5-8.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", ], defaultStatus: "affected", packageName: "pcp", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.2.5-8.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", ], defaultStatus: "affected", packageName: "pcp", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.2.5-8.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", ], defaultStatus: "affected", packageName: "pcp", product: "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.3.5-10.el8_6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", ], defaultStatus: "affected", packageName: "pcp", product: "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.3.5-10.el8_6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream", ], defaultStatus: "affected", packageName: "pcp", product: "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.3.5-10.el8_6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "pcp", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.3.7-19.el8_8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "pcp", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:6.2.0-5.el9_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "pcp", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:6.2.2-7.el9_5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:9.0::appstream", ], defaultStatus: "affected", packageName: "pcp", product: "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:5.3.5-10.el9_0", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "pcp", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:6.0.1-8.el9_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unknown", packageName: "pcp", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unknown", packageName: "pcp", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, ], datePublic: "2024-09-17T00:00:00+00:00", descriptions: [ { lang: "en", value: "A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-59", description: "Improper Link Resolution Before File Access ('Link Following')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-26T14:24:10.273Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:6837", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:6837", }, { name: "RHSA-2024:6840", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:6840", }, { name: "RHSA-2024:6842", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:6842", }, { name: "RHSA-2024:6843", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:6843", }, { name: "RHSA-2024:6844", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:6844", }, { name: "RHSA-2024:6846", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:6846", }, { name: "RHSA-2024:6847", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:6847", }, { name: "RHSA-2024:6848", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:6848", }, { name: "RHSA-2024:9452", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:9452", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-45770", }, { name: "RHBZ#2310451", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310451", }, ], timeline: [ { lang: "en", time: "2024-09-06T17:11:36.280000+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-09-17T00:00:00+00:00", value: "Made public.", }, ], title: "Pcp: pmpost symlink attack allows escalating pcp to root user", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-59: Improper Link Resolution Before File Access ('Link Following')", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-45770", datePublished: "2024-09-19T08:45:37.303Z", dateReserved: "2024-09-06T14:56:44.790Z", dateUpdated: "2024-12-26T14:24:10.273Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }