Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
21 Feb 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Feb 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Jan 2024, 19:21
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CPE | cpe:2.3:o:suse:linux_enterprise:15.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:relax-and-recover:relax-and-recover:*:*:*:*:*:*:*:* |
|
First Time |
Redhat enterprise Linux
Relax-and-recover Redhat Suse linux Enterprise Fedoraproject fedora Relax-and-recover relax-and-recover Fedoraproject Suse |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
CWE | NVD-CWE-noinfo | |
References | () https://github.com/rear/rear/issues/3122 - Exploit, Issue Tracking, Patch, Vendor Advisory | |
References | () https://github.com/rear/rear/pull/3123 - Patch, Vendor Advisory |
12 Jan 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-12 23:15
Updated : 2024-02-21 03:15
NVD link : CVE-2024-23301
Mitre link : CVE-2024-23301
CVE.ORG link : CVE-2024-23301
JSON object : View
Products Affected
fedoraproject
- fedora
suse
- linux_enterprise
redhat
- enterprise_linux
relax-and-recover
- relax-and-recover
CWE