CVE-2024-23301
Published 2024-01-12
Medium 5.5 (CVSS 3.1)
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | rear | < rear 2.7+dfsg-1+deb12u1 (bookworm) | rear 2.7+dfsg-1+deb12u1 (bookworm) |
| fedoraproject | fedora | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| relax-and-recover | relax-and-recover | <= 2.7 | — |
| suse | linux_enterprise | — | — |
CVSS provenance
nvd: v3.1, 5.5 MEDIUM, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
osv: 5.5 MEDIUM