CVE-2024-52336 - Vulnerability Details

A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Redhat	Enterprise Linux

No data.

Package	CPE	Advisory	Released Date
Fast Datapath for Red Hat Enterprise Linux 8
tuned-0:2.24.0-2.1.20240819gitc082797f.el8fdp	cpe:/o:redhat:enterprise_linux:8::fastdatapath	RHSA-2025:0880	2025-02-03T00:00:00Z
Fast Datapath for Red Hat Enterprise Linux 9
tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp	cpe:/o:redhat:enterprise_linux:9::fastdatapath	RHSA-2025:0879	2025-02-03T00:00:00Z
Red Hat Enterprise Linux 9
tuned-0:2.24.0-2.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:10384	2024-11-26T00:00:00Z
tuned-0:2.24.0-2.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:10384	2024-11-26T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHSA-2024:10384
https://access.redhat.com/errata/RHSA-2025:0879
https://access.redhat.com/errata/RHSA-2025:0880
https://access.redhat.com/security/cve/CVE-2024-52336
https://bugzilla.redhat.com/show_bug.cgi?id=2324540
https://nvd.nist.gov/vuln/detail/CVE-2024-52336
https://security.opensuse.org/2024/11/26/tuned-instance-create.html
https://www.cve.org/CVERecord?id=CVE-2024-52336
https://www.openwall.com/lists/oss-security/2024/11/28/1
https://www.openwall.com/lists/oss-security/2024/11/28/2

History

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00055}`	epss `{'score': 0.00045}`

Wed, 21 May 2025 01:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:10

Mon, 03 Feb 2025 20:00:00 +0000

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2025:0879 https://access.redhat.com/errata/RHSA-2025:0880

Thu, 05 Dec 2024 02:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-269

Mon, 02 Dec 2024 14:15:00 +0000

Type	Values Removed	Values Added
References		https://www.openwall.com/lists/oss-security/2024/11/28/1

Fri, 29 Nov 2024 05:30:00 +0000

Type	Values Removed	Values Added
References		https://security.opensuse.org/2024/11/26/tuned-instance-create.html https://www.openwall.com/lists/oss-security/2024/11/28/2

Wed, 27 Nov 2024 01:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9
References		https://nvd.nist.gov/vuln/detail/CVE-2024-52336 https://www.cve.org/CVERecord?id=CVE-2024-52336
Metrics	threat_severity `None`	threat_severity `Important`

Tue, 26 Nov 2024 19:15:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:9~~	cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::nfv cpe:/a:redhat:enterprise_linux:9::realtime cpe:/a:redhat:enterprise_linux:9::sap cpe:/a:redhat:enterprise_linux:9::sap_hana cpe:/o:redhat:enterprise_linux:9::baseos
References		https://access.redhat.com/errata/RHSA-2024:10384

Tue, 26 Nov 2024 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 26 Nov 2024 15:30:00 +0000

Type	Values Removed	Values Added
Description		A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.
Title		Tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:7::fastdatapath cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:8::fastdatapath cpe:/o:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9::fastdatapath
Vendors & Products		Redhat Redhat enterprise Linux
References		https://access.redhat.com/security/cve/CVE-2024-52336 https://bugzilla.redhat.com/show_bug.cgi?id=2324540
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-11-26T15:21:13.518Z

Updated: 2025-05-21T01:04:32.633Z

Reserved: 2024-11-08T13:09:39.004Z

Link: CVE-2024-52336

Vulnrichment

Updated: 2024-11-29T04:32:53.450Z

NVD

Status : Awaiting Analysis

Published: 2024-11-26T16:15:17.093

Modified: 2025-02-03T20:15:33.123

Link: CVE-2024-52336

Redhat

Severity : Important

Publid Date: 2024-11-26T12:00:00Z

Links: CVE-2024-52336 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-52336", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-11-08T13:09:39.004Z", "datePublished": "2024-11-26T15:21:13.518Z", "dateUpdated": "2025-05-21T01:04:32.633Z"}, "containers": {"cna": {"title": "Tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation."}], "affected": [{"versions": [{"status": "affected", "version": "2.23.0", "lessThan": "2.24.1", "versionType": "semver"}], "packageName": "tuned", "collectionURL": "https://github.com/redhat-performance/tuned", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tuned", "defaultStatus": "affected", "versions": [{"version": "0:2.24.0-2.1.20240819gitc082797f.el8fdp", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tuned", "defaultStatus": "affected", "versions": [{"version": "0:2.24.0-2.1.20240819gitc082797f.el9fdp", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tuned", "defaultStatus": "affected", "versions": [{"version": "0:2.24.0-2.el9_5", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::sap_hana", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::sap", "cpe:/o:redhat:enterprise_linux:9::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tuned", "defaultStatus": "affected", "versions": [{"version": "0:2.24.0-2.el9_5", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::sap_hana", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::sap", "cpe:/o:redhat:enterprise_linux:9::baseos"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tuned", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:7::fastdatapath"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tuned", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tuned", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tuned", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tuned", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:10384", "name": "RHSA-2024:10384", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0879", "name": "RHSA-2025:0879", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0880", "name": "RHSA-2025:0880", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-52336", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324540", "name": "RHBZ#2324540", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://security.opensuse.org/2024/11/26/tuned-instance-create.html"}, {"url": "https://www.openwall.com/lists/oss-security/2024/11/28/1"}], "datePublic": "2024-11-26T12:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-269: Improper Privilege Management", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2024-11-08T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-11-26T12:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Matthias Gerstner (SUSE Security Team) for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-05-21T01:04:32.633Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-26T16:22:02.290977Z", "id": "CVE-2024-52336", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-26T16:22:12.371Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-11-29T04:32:53.450Z"}, "references": [{"url": "https://www.openwall.com/lists/oss-security/2024/11/28/2"}, {"url": "https://security.opensuse.org/2024/11/26/tuned-instance-create.html"}], "title": "CVE Program Container", "x_generator": {"engine": "ADPogram 0.0.1"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.openwall.com/lists/oss-security/2024/11/28/2"}, {"url": "https://security.opensuse.org/2024/11/26/tuned-instance-create.html"}], "x_generator": {"engine": "ADPogram 0.0.1"}, "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-11-29T04:32:53.450Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-52336", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-26T16:22:02.290977Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-26T16:22:09.209Z"}}], "cna": {"title": "Tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root", "credits": [{"lang": "en", "value": "Red Hat would like to thank Matthias Gerstner (SUSE Security Team) for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"versions": [{"status": "affected", "version": "2.23.0", "lessThan": "2.24.1", "versionType": "semver"}], "packageName": "tuned", "collectionURL": "https://github.com/redhat-performance/tuned", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "0:2.24.0-2.1.20240819gitc082797f.el8fdp", "lessThan": "*", "versionType": "rpm"}], "packageName": "tuned", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:2.24.0-2.1.20240819gitc082797f.el9fdp", "lessThan": "*", "versionType": "rpm"}], "packageName": "tuned", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::sap_hana", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::sap", "cpe:/o:redhat:enterprise_linux:9::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:2.24.0-2.el9_5", "lessThan": "*", "versionType": "rpm"}], "packageName": "tuned", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::sap_hana", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::sap", "cpe:/o:redhat:enterprise_linux:9::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:2.24.0-2.el9_5", "lessThan": "*", "versionType": "rpm"}], "packageName": "tuned", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7::fastdatapath"], "vendor": "Red Hat", "product": "Fast Datapath for RHEL 7", "packageName": "tuned", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:10"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "packageName": "tuned", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "tuned", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "tuned", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "tuned", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-11-08T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-11-26T12:00:00+00:00", "value": "Made public."}], "datePublic": "2024-11-26T12:00:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:10384", "name": "RHSA-2024:10384", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0879", "name": "RHSA-2025:0879", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0880", "name": "RHSA-2025:0880", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-52336", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324540", "name": "RHBZ#2324540", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://security.opensuse.org/2024/11/26/tuned-instance-create.html"}, {"url": "https://www.openwall.com/lists/oss-security/2024/11/28/1"}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "descriptions": [{"lang": "en", "value": "A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "Improper Privilege Management"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-05-21T01:04:32.633Z"}, "x_redhatCweChain": "CWE-269: Improper Privilege Management"}}, "cveMetadata": {"cveId": "CVE-2024-52336", "state": "PUBLISHED", "dateUpdated": "2025-05-21T01:04:32.633Z", "dateReserved": "2024-11-08T13:09:39.004Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-11-26T15:21:13.518Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation."}, {"lang": "es", "value": "Se identific\u00f3 una vulnerabilidad de inyecci\u00f3n de scripts en el paquete Tuned. La funci\u00f3n `instance_create()` de D-Bus puede ser invocada por usuarios que hayan iniciado sesi\u00f3n localmente sin autenticaci\u00f3n. Esta falla permite que un usuario local sin privilegios ejecute una llamada de D-Bus con opciones `script_pre` o `script_post` que permiten pasar scripts arbitrarios con sus rutas absolutas. Estos scripts o programas ejecutables controlados por el usuario o el atacante podr\u00edan ser ejecutados por Tuned con privilegios de superusuario, lo que podr\u00eda permitir a los atacantes una escalada de privilegios local."}], "id": "CVE-2024-52336", "lastModified": "2025-02-03T20:15:33.123", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-11-26T16:15:17.093", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:10384"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:0879"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:0880"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-52336"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324540"}, {"source": "secalert@redhat.com", "url": "https://security.opensuse.org/2024/11/26/tuned-instance-create.html"}, {"source": "secalert@redhat.com", "url": "https://www.openwall.com/lists/oss-security/2024/11/28/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.opensuse.org/2024/11/26/tuned-instance-create.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.openwall.com/lists/oss-security/2024/11/28/2"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Matthias Gerstner (SUSE Security Team) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2025:0880", "cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "package": "tuned-0:2.24.0-2.1.20240819gitc082797f.el8fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 8", "release_date": "2025-02-03T00:00:00Z"}, {"advisory": "RHSA-2025:0879", "cpe": "cpe:/o:redhat:enterprise_linux:9::fastdatapath", "package": "tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 9", "release_date": "2025-02-03T00:00:00Z"}, {"advisory": "RHSA-2024:10384", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "tuned-0:2.24.0-2.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-26T00:00:00Z"}, {"advisory": "RHSA-2024:10384", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "tuned-0:2.24.0-2.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-26T00:00:00Z"}], "bugzilla": {"description": "tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root", "id": "2324540", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324540"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-269", "details": ["A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.", "A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-52336", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7::fastdatapath", "fix_state": "Not affected", "package_name": "tuned", "product_name": "Fast Datapath for RHEL 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "tuned", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "tuned", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "tuned", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "tuned", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2024-11-26T12:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-52336\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-52336\nhttps://security.opensuse.org/2024/11/26/tuned-instance-create.html\nhttps://www.openwall.com/lists/oss-security/2024/11/28/1"], "statement": "The `instance_create()` D-Bus method has been added via upstream commit cddcd233 and was first part of version tag v2.23.0. Hence, versions of Tuned before 2.23.0 are unaffected. Also, note that the initial versions already contained support for the script option parameters and the `instance_name` parameter.", "threat_severity": "Important"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object