csaf_redhat - rhsa-2025:0879

rhsa-2025:0879

Vulnerability from csaf_redhat

Published

2025-02-03 00:09

Modified

2025-02-03 21:26

Summary

Red Hat Security Advisory: tuned security update

Notes

Topic

An update for tuned is now available for Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The tuned packages provide a service that tunes system settings according to a selected profile. Security Fix(es): * tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method (CVE-2024-52337) * tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root (CVE-2024-52336) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for tuned is now available for Fast Datapath for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The tuned packages provide a service that tunes system settings according to a selected profile.\n\nSecurity Fix(es):\n\n* tuned: improper sanitization of `instance_name` parameter of the\n`instance_create()` method (CVE-2024-52337)\n\n* tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root (CVE-2024-52336)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:0879",
        "url": "https://access.redhat.com/errata/RHSA-2025:0879"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_0879.json"
      }
    ],
    "title": "Red Hat Security Advisory: tuned security update",
    "tracking": {
      "current_release_date": "2025-02-03T21:26:41+00:00",
      "generator": {
        "date": "2025-02-03T21:26:41+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.6"
        }
      },
      "id": "RHSA-2025:0879",
      "initial_release_date": "2025-02-03T00:09:34+00:00",
      "revision_history": [
        {
          "date": "2025-02-03T00:09:34+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-02-03T00:09:34+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-02-03T21:26:41+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Fast Datapath for Red Hat Enterprise Linux 9",
                "product": {
                  "name": "Fast Datapath for Red Hat Enterprise Linux 9",
                  "product_id": "9Base-Fast-Datapath",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Fast Datapath"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp.src",
                "product": {
                  "name": "tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp.src",
                  "product_id": "tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tuned@2.24.0-2.1.20240819gitc082797f.el9fdp?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                "product": {
                  "name": "tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_id": "tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tuned@2.24.0-2.1.20240819gitc082797f.el9fdp?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tuned-gtk-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                "product": {
                  "name": "tuned-gtk-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_id": "tuned-gtk-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tuned-gtk@2.24.0-2.1.20240819gitc082797f.el9fdp?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tuned-ppd-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                "product": {
                  "name": "tuned-ppd-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_id": "tuned-ppd-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tuned-ppd@2.24.0-2.1.20240819gitc082797f.el9fdp?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tuned-profiles-atomic-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                "product": {
                  "name": "tuned-profiles-atomic-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_id": "tuned-profiles-atomic-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tuned-profiles-atomic@2.24.0-2.1.20240819gitc082797f.el9fdp?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tuned-profiles-compat-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                "product": {
                  "name": "tuned-profiles-compat-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_id": "tuned-profiles-compat-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tuned-profiles-compat@2.24.0-2.1.20240819gitc082797f.el9fdp?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tuned-profiles-cpu-partitioning-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                "product": {
                  "name": "tuned-profiles-cpu-partitioning-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_id": "tuned-profiles-cpu-partitioning-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tuned-profiles-cpu-partitioning@2.24.0-2.1.20240819gitc082797f.el9fdp?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tuned-profiles-mssql-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                "product": {
                  "name": "tuned-profiles-mssql-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_id": "tuned-profiles-mssql-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tuned-profiles-mssql@2.24.0-2.1.20240819gitc082797f.el9fdp?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tuned-profiles-nfv-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                "product": {
                  "name": "tuned-profiles-nfv-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_id": "tuned-profiles-nfv-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tuned-profiles-nfv@2.24.0-2.1.20240819gitc082797f.el9fdp?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tuned-profiles-nfv-guest-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                "product": {
                  "name": "tuned-profiles-nfv-guest-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_id": "tuned-profiles-nfv-guest-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tuned-profiles-nfv-guest@2.24.0-2.1.20240819gitc082797f.el9fdp?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tuned-profiles-nfv-host-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                "product": {
                  "name": "tuned-profiles-nfv-host-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_id": "tuned-profiles-nfv-host-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tuned-profiles-nfv-host@2.24.0-2.1.20240819gitc082797f.el9fdp?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tuned-profiles-openshift-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                "product": {
                  "name": "tuned-profiles-openshift-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_id": "tuned-profiles-openshift-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tuned-profiles-openshift@2.24.0-2.1.20240819gitc082797f.el9fdp?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tuned-profiles-oracle-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                "product": {
                  "name": "tuned-profiles-oracle-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_id": "tuned-profiles-oracle-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tuned-profiles-oracle@2.24.0-2.1.20240819gitc082797f.el9fdp?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tuned-profiles-postgresql-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                "product": {
                  "name": "tuned-profiles-postgresql-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_id": "tuned-profiles-postgresql-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tuned-profiles-postgresql@2.24.0-2.1.20240819gitc082797f.el9fdp?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tuned-profiles-realtime-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                "product": {
                  "name": "tuned-profiles-realtime-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_id": "tuned-profiles-realtime-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tuned-profiles-realtime@2.24.0-2.1.20240819gitc082797f.el9fdp?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tuned-profiles-sap-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                "product": {
                  "name": "tuned-profiles-sap-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_id": "tuned-profiles-sap-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tuned-profiles-sap@2.24.0-2.1.20240819gitc082797f.el9fdp?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tuned-profiles-sap-hana-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                "product": {
                  "name": "tuned-profiles-sap-hana-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_id": "tuned-profiles-sap-hana-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tuned-profiles-sap-hana@2.24.0-2.1.20240819gitc082797f.el9fdp?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tuned-profiles-spectrumscale-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                "product": {
                  "name": "tuned-profiles-spectrumscale-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_id": "tuned-profiles-spectrumscale-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tuned-profiles-spectrumscale@2.24.0-2.1.20240819gitc082797f.el9fdp?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tuned-utils-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                "product": {
                  "name": "tuned-utils-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_id": "tuned-utils-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tuned-utils@2.24.0-2.1.20240819gitc082797f.el9fdp?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tuned-utils-systemtap-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                "product": {
                  "name": "tuned-utils-systemtap-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_id": "tuned-utils-systemtap-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tuned-utils-systemtap@2.24.0-2.1.20240819gitc082797f.el9fdp?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch as a component of Fast Datapath for Red Hat Enterprise Linux 9",
          "product_id": "9Base-Fast-Datapath:tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch"
        },
        "product_reference": "tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
        "relates_to_product_reference": "9Base-Fast-Datapath"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp.src as a component of Fast Datapath for Red Hat Enterprise Linux 9",
          "product_id": "9Base-Fast-Datapath:tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp.src"
        },
        "product_reference": "tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp.src",
        "relates_to_product_reference": "9Base-Fast-Datapath"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tuned-gtk-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch as a component of Fast Datapath for Red Hat Enterprise Linux 9",
          "product_id": "9Base-Fast-Datapath:tuned-gtk-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch"
        },
        "product_reference": "tuned-gtk-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
        "relates_to_product_reference": "9Base-Fast-Datapath"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tuned-ppd-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch as a component of Fast Datapath for Red Hat Enterprise Linux 9",
          "product_id": "9Base-Fast-Datapath:tuned-ppd-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch"
        },
        "product_reference": "tuned-ppd-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
        "relates_to_product_reference": "9Base-Fast-Datapath"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tuned-profiles-atomic-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch as a component of Fast Datapath for Red Hat Enterprise Linux 9",
          "product_id": "9Base-Fast-Datapath:tuned-profiles-atomic-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch"
        },
        "product_reference": "tuned-profiles-atomic-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
        "relates_to_product_reference": "9Base-Fast-Datapath"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tuned-profiles-compat-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch as a component of Fast Datapath for Red Hat Enterprise Linux 9",
          "product_id": "9Base-Fast-Datapath:tuned-profiles-compat-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch"
        },
        "product_reference": "tuned-profiles-compat-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
        "relates_to_product_reference": "9Base-Fast-Datapath"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tuned-profiles-cpu-partitioning-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch as a component of Fast Datapath for Red Hat Enterprise Linux 9",
          "product_id": "9Base-Fast-Datapath:tuned-profiles-cpu-partitioning-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch"
        },
        "product_reference": "tuned-profiles-cpu-partitioning-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
        "relates_to_product_reference": "9Base-Fast-Datapath"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tuned-profiles-mssql-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch as a component of Fast Datapath for Red Hat Enterprise Linux 9",
          "product_id": "9Base-Fast-Datapath:tuned-profiles-mssql-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch"
        },
        "product_reference": "tuned-profiles-mssql-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
        "relates_to_product_reference": "9Base-Fast-Datapath"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tuned-profiles-nfv-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch as a component of Fast Datapath for Red Hat Enterprise Linux 9",
          "product_id": "9Base-Fast-Datapath:tuned-profiles-nfv-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch"
        },
        "product_reference": "tuned-profiles-nfv-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
        "relates_to_product_reference": "9Base-Fast-Datapath"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tuned-profiles-nfv-guest-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch as a component of Fast Datapath for Red Hat Enterprise Linux 9",
          "product_id": "9Base-Fast-Datapath:tuned-profiles-nfv-guest-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch"
        },
        "product_reference": "tuned-profiles-nfv-guest-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
        "relates_to_product_reference": "9Base-Fast-Datapath"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tuned-profiles-nfv-host-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch as a component of Fast Datapath for Red Hat Enterprise Linux 9",
          "product_id": "9Base-Fast-Datapath:tuned-profiles-nfv-host-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch"
        },
        "product_reference": "tuned-profiles-nfv-host-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
        "relates_to_product_reference": "9Base-Fast-Datapath"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tuned-profiles-openshift-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch as a component of Fast Datapath for Red Hat Enterprise Linux 9",
          "product_id": "9Base-Fast-Datapath:tuned-profiles-openshift-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch"
        },
        "product_reference": "tuned-profiles-openshift-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
        "relates_to_product_reference": "9Base-Fast-Datapath"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tuned-profiles-oracle-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch as a component of Fast Datapath for Red Hat Enterprise Linux 9",
          "product_id": "9Base-Fast-Datapath:tuned-profiles-oracle-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch"
        },
        "product_reference": "tuned-profiles-oracle-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
        "relates_to_product_reference": "9Base-Fast-Datapath"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tuned-profiles-postgresql-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch as a component of Fast Datapath for Red Hat Enterprise Linux 9",
          "product_id": "9Base-Fast-Datapath:tuned-profiles-postgresql-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch"
        },
        "product_reference": "tuned-profiles-postgresql-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
        "relates_to_product_reference": "9Base-Fast-Datapath"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tuned-profiles-realtime-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch as a component of Fast Datapath for Red Hat Enterprise Linux 9",
          "product_id": "9Base-Fast-Datapath:tuned-profiles-realtime-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch"
        },
        "product_reference": "tuned-profiles-realtime-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
        "relates_to_product_reference": "9Base-Fast-Datapath"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tuned-profiles-sap-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch as a component of Fast Datapath for Red Hat Enterprise Linux 9",
          "product_id": "9Base-Fast-Datapath:tuned-profiles-sap-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch"
        },
        "product_reference": "tuned-profiles-sap-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
        "relates_to_product_reference": "9Base-Fast-Datapath"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tuned-profiles-sap-hana-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch as a component of Fast Datapath for Red Hat Enterprise Linux 9",
          "product_id": "9Base-Fast-Datapath:tuned-profiles-sap-hana-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch"
        },
        "product_reference": "tuned-profiles-sap-hana-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
        "relates_to_product_reference": "9Base-Fast-Datapath"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tuned-profiles-spectrumscale-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch as a component of Fast Datapath for Red Hat Enterprise Linux 9",
          "product_id": "9Base-Fast-Datapath:tuned-profiles-spectrumscale-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch"
        },
        "product_reference": "tuned-profiles-spectrumscale-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
        "relates_to_product_reference": "9Base-Fast-Datapath"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tuned-utils-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch as a component of Fast Datapath for Red Hat Enterprise Linux 9",
          "product_id": "9Base-Fast-Datapath:tuned-utils-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch"
        },
        "product_reference": "tuned-utils-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
        "relates_to_product_reference": "9Base-Fast-Datapath"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tuned-utils-systemtap-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch as a component of Fast Datapath for Red Hat Enterprise Linux 9",
          "product_id": "9Base-Fast-Datapath:tuned-utils-systemtap-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch"
        },
        "product_reference": "tuned-utils-systemtap-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
        "relates_to_product_reference": "9Base-Fast-Datapath"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Matthias Gerstner"
          ],
          "organization": "SUSE Security Team"
        }
      ],
      "cve": "CVE-2024-52336",
      "cwe": {
        "id": "CWE-269",
        "name": "Improper Privilege Management"
      },
      "discovery_date": "2024-11-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2324540"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The `instance_create()` D-Bus method has been added via upstream commit cddcd233 and was first part of version tag v2.23.0. Hence, versions of Tuned before 2.23.0 are unaffected. Also, note that the initial versions already contained support for the script option parameters and the `instance_name` parameter.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-Fast-Datapath:tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp.src",
          "9Base-Fast-Datapath:tuned-gtk-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-ppd-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-profiles-atomic-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-profiles-compat-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-profiles-cpu-partitioning-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-profiles-mssql-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-profiles-nfv-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-profiles-nfv-guest-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-profiles-nfv-host-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-profiles-openshift-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-profiles-oracle-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-profiles-postgresql-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-profiles-realtime-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-profiles-sap-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-profiles-sap-hana-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-profiles-spectrumscale-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-utils-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-utils-systemtap-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-52336"
        },
        {
          "category": "external",
          "summary": "RHBZ#2324540",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324540"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-52336",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-52336"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-52336",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52336"
        },
        {
          "category": "external",
          "summary": "https://security.opensuse.org/2024/11/26/tuned-instance-create.html",
          "url": "https://security.opensuse.org/2024/11/26/tuned-instance-create.html"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2024/11/28/1",
          "url": "https://www.openwall.com/lists/oss-security/2024/11/28/1"
        }
      ],
      "release_date": "2024-11-26T12:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-02-03T00:09:34+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-Fast-Datapath:tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp.src",
            "9Base-Fast-Datapath:tuned-gtk-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-ppd-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-atomic-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-compat-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-cpu-partitioning-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-mssql-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-nfv-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-nfv-guest-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-nfv-host-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-openshift-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-oracle-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-postgresql-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-realtime-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-sap-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-sap-hana-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-spectrumscale-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-utils-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-utils-systemtap-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:0879"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-Fast-Datapath:tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp.src",
            "9Base-Fast-Datapath:tuned-gtk-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-ppd-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-atomic-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-compat-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-cpu-partitioning-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-mssql-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-nfv-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-nfv-guest-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-nfv-host-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-openshift-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-oracle-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-postgresql-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-realtime-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-sap-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-sap-hana-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-spectrumscale-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-utils-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-utils-systemtap-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-Fast-Datapath:tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp.src",
            "9Base-Fast-Datapath:tuned-gtk-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-ppd-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-atomic-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-compat-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-cpu-partitioning-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-mssql-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-nfv-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-nfv-guest-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-nfv-host-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-openshift-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-oracle-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-postgresql-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-realtime-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-sap-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-sap-hana-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-spectrumscale-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-utils-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-utils-systemtap-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Matthias Gerstner"
          ],
          "organization": "SUSE Security Team"
        }
      ],
      "cve": "CVE-2024-52337",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2024-11-08T12:56:07.615000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2324541"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the \u0027evil\u0027 the attacker could mimic a valid TuneD log line and trick the administrator. The quotes \u0027\u0027 are usually used in TuneD logs citing raw user input, so there will always be the \u0027 character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned\u0027s D-Bus interface for such operations.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is classified as moderate severity instead of important because it primarily affects the integrity of logging rather than directly compromising system confidentiality, availability, or functionality. While an attacker can manipulate log entries to mislead administrators or obfuscate their actions, the impact is limited to the interpretation of logs and does not inherently grant the attacker elevated privileges or direct control over the system. Additionally, the spoofing relies on administrators overlooking inconsistencies, making the success of exploitation context-dependent and less universally impactful. These factors reduce the overall risk compared to vulnerabilities that enable direct compromise or significant disruption.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-Fast-Datapath:tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp.src",
          "9Base-Fast-Datapath:tuned-gtk-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-ppd-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-profiles-atomic-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-profiles-compat-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-profiles-cpu-partitioning-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-profiles-mssql-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-profiles-nfv-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-profiles-nfv-guest-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-profiles-nfv-host-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-profiles-openshift-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-profiles-oracle-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-profiles-postgresql-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-profiles-realtime-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-profiles-sap-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-profiles-sap-hana-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-profiles-spectrumscale-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-utils-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
          "9Base-Fast-Datapath:tuned-utils-systemtap-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-52337"
        },
        {
          "category": "external",
          "summary": "RHBZ#2324541",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324541"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-52337",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-52337"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-52337",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52337"
        },
        {
          "category": "external",
          "summary": "https://security.opensuse.org/2024/11/26/tuned-instance-create.html",
          "url": "https://security.opensuse.org/2024/11/26/tuned-instance-create.html"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2024/11/28/1",
          "url": "https://www.openwall.com/lists/oss-security/2024/11/28/1"
        }
      ],
      "release_date": "2024-11-26T12:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-02-03T00:09:34+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-Fast-Datapath:tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp.src",
            "9Base-Fast-Datapath:tuned-gtk-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-ppd-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-atomic-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-compat-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-cpu-partitioning-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-mssql-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-nfv-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-nfv-guest-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-nfv-host-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-openshift-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-oracle-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-postgresql-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-realtime-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-sap-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-sap-hana-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-spectrumscale-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-utils-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-utils-systemtap-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:0879"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-Fast-Datapath:tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp.src",
            "9Base-Fast-Datapath:tuned-gtk-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-ppd-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-atomic-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-compat-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-cpu-partitioning-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-mssql-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-nfv-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-nfv-guest-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-nfv-host-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-openshift-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-oracle-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-postgresql-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-realtime-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-sap-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-sap-hana-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-spectrumscale-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-utils-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-utils-systemtap-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-Fast-Datapath:tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp.src",
            "9Base-Fast-Datapath:tuned-gtk-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-ppd-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-atomic-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-compat-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-cpu-partitioning-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-mssql-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-nfv-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-nfv-guest-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-nfv-host-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-openshift-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-oracle-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-postgresql-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-realtime-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-sap-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-sap-hana-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-profiles-spectrumscale-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-utils-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch",
            "9Base-Fast-Datapath:tuned-utils-systemtap-0:2.24.0-2.1.20240819gitc082797f.el9fdp.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method"
    }
  ]
}

cve-2024-52337

Vulnerability from cvelistv5

Published

2024-11-26 15:21

Modified

2025-02-03 19:52

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Summary

A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations.

References

▼	URL	Tags
	https://access.redhat.com/errata/RHSA-2024:10381	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:10384	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:11161	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:0195	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:0327	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:0368	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:0879	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:0880	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:0881	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-52337	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2324541	issue-tracking, x_refsource_REDHAT
	https://security.opensuse.org/2024/11/26/tuned-instance-create.html
	https://www.openwall.com/lists/oss-security/2024/11/28/1

Impacted products

Vendor

Product

Version

▼

Version: 2.23.0 ≤

Red Hat	Fast Datapath for Red Hat Enterprise Linux 7	Unaffected: 0:2.11.0-5.el7fdp.2 < * cpe:/o:redhat:enterprise_linux:7::fastdatapath
Red Hat	Fast Datapath for Red Hat Enterprise Linux 8	Unaffected: 0:2.24.0-2.1.20240819gitc082797f.el8fdp < * cpe:/o:redhat:enterprise_linux:8::fastdatapath
Red Hat	Fast Datapath for Red Hat Enterprise Linux 9	Unaffected: 0:2.24.0-2.1.20240819gitc082797f.el9fdp < * cpe:/o:redhat:enterprise_linux:9::fastdatapath
Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support	Unaffected: 0:2.11.0-13.el7_9 < * cpe:/o:redhat:rhel_els:7 cpe:/a:redhat:rhel_extras_rt_els:7 cpe:/a:redhat:rhel_extras_sap_hana_els:7 cpe:/a:redhat:rhel_extras_sap_els:7
Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support	Unaffected: 0:2.11.0-13.el7_9 < * cpe:/o:redhat:rhel_els:7 cpe:/a:redhat:rhel_extras_rt_els:7 cpe:/a:redhat:rhel_extras_sap_hana_els:7 cpe:/a:redhat:rhel_extras_sap_els:7
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.22.1-5.el8_10 < * cpe:/a:redhat:enterprise_linux:8::realtime cpe:/o:redhat:enterprise_linux:8::baseos cpe:/a:redhat:enterprise_linux:8::nfv cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::sap cpe:/a:redhat:enterprise_linux:8::sap_hana
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.22.1-5.el8_10 < * cpe:/a:redhat:enterprise_linux:8::realtime cpe:/o:redhat:enterprise_linux:8::baseos cpe:/a:redhat:enterprise_linux:8::nfv cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::sap cpe:/a:redhat:enterprise_linux:8::sap_hana
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Unaffected: 0:2.20.0-1.el8_4.2 < * cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::realtime cpe:/a:redhat:rhel_e4s:8.4::sap cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/a:redhat:rhel_e4s:8.4::sap_hana cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::nfv cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/a:redhat:rhel_tus:8.4::appstream
Red Hat	Red Hat Enterprise Linux 8.4 Telecommunications Update Service	Unaffected: 0:2.20.0-1.el8_4.2 < * cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::realtime cpe:/a:redhat:rhel_e4s:8.4::sap cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/a:redhat:rhel_e4s:8.4::sap_hana cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::nfv cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/a:redhat:rhel_tus:8.4::appstream
Red Hat	Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	Unaffected: 0:2.20.0-1.el8_4.2 < * cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::realtime cpe:/a:redhat:rhel_e4s:8.4::sap cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/a:redhat:rhel_e4s:8.4::sap_hana cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::nfv cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/a:redhat:rhel_tus:8.4::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	Unaffected: 0:2.20.0-1.el8_6.2 < * cpe:/a:redhat:rhel_tus:8.6::realtime cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::sap_hana cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::nfv cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::sap cpe:/a:redhat:rhel_tus:8.6::nfv
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	Unaffected: 0:2.20.0-1.el8_6.2 < * cpe:/a:redhat:rhel_tus:8.6::realtime cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::sap_hana cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::nfv cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::sap cpe:/a:redhat:rhel_tus:8.6::nfv
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	Unaffected: 0:2.20.0-1.el8_6.2 < * cpe:/a:redhat:rhel_tus:8.6::realtime cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::sap_hana cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::nfv cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/a:redhat:rhel_e4s:8.6::sap cpe:/a:redhat:rhel_tus:8.6::nfv
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	Unaffected: 0:2.20.0-2.el8_8.1 < * cpe:/a:redhat:rhel_eus:8.8::sap_hana cpe:/a:redhat:rhel_eus:8.8::appstream cpe:/o:redhat:rhel_eus:8.8::baseos cpe:/a:redhat:rhel_eus:8.8::sap cpe:/a:redhat:rhel_eus:8.8::nfv cpe:/a:redhat:rhel_eus:8.8::realtime
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.24.0-2.el9_5 < * cpe:/a:redhat:enterprise_linux:9::sap_hana cpe:/a:redhat:enterprise_linux:9::nfv cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::sap cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::realtime
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.24.0-2.el9_5 < * cpe:/a:redhat:enterprise_linux:9::sap_hana cpe:/a:redhat:enterprise_linux:9::nfv cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::sap cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::realtime
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52337",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-26T15:57:55.472014Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T15:58:21.678Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-11-29T04:33:54.110Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.openwall.com/lists/oss-security/2024/11/28/2"
          },
          {
            "url": "https://security.opensuse.org/2024/11/26/tuned-instance-create.html"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/redhat-performance/tuned",
          "defaultStatus": "unaffected",
          "packageName": "tuned",
          "versions": [
            {
              "lessThan": "2.24.1",
              "status": "affected",
              "version": "2.23.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "tuned",
          "product": "Fast Datapath for Red Hat Enterprise Linux 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.11.0-5.el7fdp.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "tuned",
          "product": "Fast Datapath for Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.24.0-2.1.20240819gitc082797f.el8fdp",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "tuned",
          "product": "Fast Datapath for Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.24.0-2.1.20240819gitc082797f.el9fdp",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_els:7",
            "cpe:/a:redhat:rhel_extras_rt_els:7",
            "cpe:/a:redhat:rhel_extras_sap_hana_els:7",
            "cpe:/a:redhat:rhel_extras_sap_els:7"
          ],
          "defaultStatus": "affected",
          "packageName": "tuned",
          "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.11.0-13.el7_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_els:7",
            "cpe:/a:redhat:rhel_extras_rt_els:7",
            "cpe:/a:redhat:rhel_extras_sap_hana_els:7",
            "cpe:/a:redhat:rhel_extras_sap_els:7"
          ],
          "defaultStatus": "affected",
          "packageName": "tuned",
          "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.11.0-13.el7_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::realtime",
            "cpe:/o:redhat:enterprise_linux:8::baseos",
            "cpe:/a:redhat:enterprise_linux:8::nfv",
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/a:redhat:enterprise_linux:8::sap",
            "cpe:/a:redhat:enterprise_linux:8::sap_hana"
          ],
          "defaultStatus": "affected",
          "packageName": "tuned",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.22.1-5.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::realtime",
            "cpe:/o:redhat:enterprise_linux:8::baseos",
            "cpe:/a:redhat:enterprise_linux:8::nfv",
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/a:redhat:enterprise_linux:8::sap",
            "cpe:/a:redhat:enterprise_linux:8::sap_hana"
          ],
          "defaultStatus": "affected",
          "packageName": "tuned",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.22.1-5.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_tus:8.4::realtime",
            "cpe:/a:redhat:rhel_e4s:8.4::sap",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/a:redhat:rhel_e4s:8.4::sap_hana",
            "cpe:/a:redhat:rhel_e4s:8.4::appstream",
            "cpe:/a:redhat:rhel_tus:8.4::nfv",
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/a:redhat:rhel_tus:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "tuned",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.20.0-1.el8_4.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_tus:8.4::realtime",
            "cpe:/a:redhat:rhel_e4s:8.4::sap",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/a:redhat:rhel_e4s:8.4::sap_hana",
            "cpe:/a:redhat:rhel_e4s:8.4::appstream",
            "cpe:/a:redhat:rhel_tus:8.4::nfv",
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/a:redhat:rhel_tus:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "tuned",
          "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.20.0-1.el8_4.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_tus:8.4::realtime",
            "cpe:/a:redhat:rhel_e4s:8.4::sap",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/a:redhat:rhel_e4s:8.4::sap_hana",
            "cpe:/a:redhat:rhel_e4s:8.4::appstream",
            "cpe:/a:redhat:rhel_tus:8.4::nfv",
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/a:redhat:rhel_tus:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "tuned",
          "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.20.0-1.el8_4.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.6::realtime",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/a:redhat:rhel_e4s:8.6::sap_hana",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/o:redhat:rhel_tus:8.6::baseos",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::nfv",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/a:redhat:rhel_e4s:8.6::sap",
            "cpe:/a:redhat:rhel_tus:8.6::nfv"
          ],
          "defaultStatus": "affected",
          "packageName": "tuned",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.20.0-1.el8_6.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.6::realtime",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/a:redhat:rhel_e4s:8.6::sap_hana",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/o:redhat:rhel_tus:8.6::baseos",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::nfv",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/a:redhat:rhel_e4s:8.6::sap",
            "cpe:/a:redhat:rhel_tus:8.6::nfv"
          ],
          "defaultStatus": "affected",
          "packageName": "tuned",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.20.0-1.el8_6.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.6::realtime",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/a:redhat:rhel_e4s:8.6::sap_hana",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/o:redhat:rhel_tus:8.6::baseos",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::nfv",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/a:redhat:rhel_e4s:8.6::sap",
            "cpe:/a:redhat:rhel_tus:8.6::nfv"
          ],
          "defaultStatus": "affected",
          "packageName": "tuned",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.20.0-1.el8_6.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.8::sap_hana",
            "cpe:/a:redhat:rhel_eus:8.8::appstream",
            "cpe:/o:redhat:rhel_eus:8.8::baseos",
            "cpe:/a:redhat:rhel_eus:8.8::sap",
            "cpe:/a:redhat:rhel_eus:8.8::nfv",
            "cpe:/a:redhat:rhel_eus:8.8::realtime"
          ],
          "defaultStatus": "affected",
          "packageName": "tuned",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.20.0-2.el8_8.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::sap_hana",
            "cpe:/a:redhat:enterprise_linux:9::nfv",
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::sap",
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/a:redhat:enterprise_linux:9::realtime"
          ],
          "defaultStatus": "affected",
          "packageName": "tuned",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.24.0-2.el9_5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::sap_hana",
            "cpe:/a:redhat:enterprise_linux:9::nfv",
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::sap",
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/a:redhat:enterprise_linux:9::realtime"
          ],
          "defaultStatus": "affected",
          "packageName": "tuned",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.24.0-2.el9_5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "tuned",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Matthias Gerstner (SUSE Security Team) for reporting this issue."
        }
      ],
      "datePublic": "2024-11-26T12:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the \u0027evil\u0027 the attacker could mimic a valid TuneD log line and trick the administrator. The quotes \u0027\u0027 are usually used in TuneD logs citing raw user input, so there will always be the \u0027 character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned\u0027s D-Bus interface for such operations."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-03T19:52:43.006Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:10381",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:10381"
        },
        {
          "name": "RHSA-2024:10384",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:10384"
        },
        {
          "name": "RHSA-2024:11161",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:11161"
        },
        {
          "name": "RHSA-2025:0195",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:0195"
        },
        {
          "name": "RHSA-2025:0327",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:0327"
        },
        {
          "name": "RHSA-2025:0368",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:0368"
        },
        {
          "name": "RHSA-2025:0879",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:0879"
        },
        {
          "name": "RHSA-2025:0880",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:0880"
        },
        {
          "name": "RHSA-2025:0881",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:0881"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-52337"
        },
        {
          "name": "RHBZ#2324541",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324541"
        },
        {
          "url": "https://security.opensuse.org/2024/11/26/tuned-instance-create.html"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2024/11/28/1"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-11-08T12:56:07.615000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-11-26T12:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-20: Improper Input Validation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-52337",
    "datePublished": "2024-11-26T15:21:17.538Z",
    "dateReserved": "2024-11-08T13:09:39.005Z",
    "dateUpdated": "2025-02-03T19:52:43.006Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-52336

Vulnerability from cvelistv5

Published

2024-11-26 15:21

Modified

2025-02-03 19:52

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.

References

▼	URL	Tags
	https://access.redhat.com/errata/RHSA-2024:10384	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:0879	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:0880	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-52336	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2324540	issue-tracking, x_refsource_REDHAT
	https://security.opensuse.org/2024/11/26/tuned-instance-create.html
	https://www.openwall.com/lists/oss-security/2024/11/28/1

Impacted products

Vendor

Product

Version

▼

Version: 2.23.0 ≤

Red Hat	Fast Datapath for Red Hat Enterprise Linux 8	Unaffected: 0:2.24.0-2.1.20240819gitc082797f.el8fdp < * cpe:/o:redhat:enterprise_linux:8::fastdatapath
Red Hat	Fast Datapath for Red Hat Enterprise Linux 9	Unaffected: 0:2.24.0-2.1.20240819gitc082797f.el9fdp < * cpe:/o:redhat:enterprise_linux:9::fastdatapath
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.24.0-2.el9_5 < * cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::nfv cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::realtime cpe:/a:redhat:enterprise_linux:9::sap_hana cpe:/a:redhat:enterprise_linux:9::sap
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.24.0-2.el9_5 < * cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::nfv cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::realtime cpe:/a:redhat:enterprise_linux:9::sap_hana cpe:/a:redhat:enterprise_linux:9::sap
Red Hat	Fast Datapath for RHEL 7	cpe:/o:redhat:enterprise_linux:7::fastdatapath
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52336",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-26T16:22:02.290977Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T16:22:12.371Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-11-29T04:32:53.450Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.openwall.com/lists/oss-security/2024/11/28/2"
          },
          {
            "url": "https://security.opensuse.org/2024/11/26/tuned-instance-create.html"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/redhat-performance/tuned",
          "defaultStatus": "unaffected",
          "packageName": "tuned",
          "versions": [
            {
              "lessThan": "2.24.1",
              "status": "affected",
              "version": "2.23.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "tuned",
          "product": "Fast Datapath for Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.24.0-2.1.20240819gitc082797f.el8fdp",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
          ],
          "defaultStatus": "affected",
          "packageName": "tuned",
          "product": "Fast Datapath for Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.24.0-2.1.20240819gitc082797f.el9fdp",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/a:redhat:enterprise_linux:9::nfv",
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::realtime",
            "cpe:/a:redhat:enterprise_linux:9::sap_hana",
            "cpe:/a:redhat:enterprise_linux:9::sap"
          ],
          "defaultStatus": "affected",
          "packageName": "tuned",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.24.0-2.el9_5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/a:redhat:enterprise_linux:9::nfv",
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::realtime",
            "cpe:/a:redhat:enterprise_linux:9::sap_hana",
            "cpe:/a:redhat:enterprise_linux:9::sap"
          ],
          "defaultStatus": "affected",
          "packageName": "tuned",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.24.0-2.el9_5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
          ],
          "defaultStatus": "unaffected",
          "packageName": "tuned",
          "product": "Fast Datapath for RHEL 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "tuned",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "tuned",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "tuned",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Matthias Gerstner (SUSE Security Team) for reporting this issue."
        }
      ],
      "datePublic": "2024-11-26T12:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-03T19:52:18.467Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:10384",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:10384"
        },
        {
          "name": "RHSA-2025:0879",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:0879"
        },
        {
          "name": "RHSA-2025:0880",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:0880"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-52336"
        },
        {
          "name": "RHBZ#2324540",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324540"
        },
        {
          "url": "https://security.opensuse.org/2024/11/26/tuned-instance-create.html"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2024/11/28/1"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-11-08T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-11-26T12:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-269: Improper Privilege Management"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-52336",
    "datePublished": "2024-11-26T15:21:13.518Z",
    "dateReserved": "2024-11-08T13:09:39.004Z",
    "dateUpdated": "2025-02-03T19:52:18.467Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

rhsa-2025:0879

Vulnerability from csaf_redhat

cve-2024-52337

Vulnerability from cvelistv5

cve-2024-52336

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature