CVE-2024-49504: Incorrect Default Permissions in openSUSE Tumbleweed

Severity: 7.0 HIGH (NVD)
EPSS: 0.1% (top 74.37%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 13

Description

grub2 allowed attackers with access to the grub shell to access files on the encrypted disks.

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages (1 package)

CVEListV5: suse/opensuse_tumbleweed ?2.12-28.1

🔴 Vulnerability Details (3)

CVEList: grub2 allows bypassing TPM-bound disk encryption on SL(E)M encrypted Images (2024-11-13)
OSV: CVE-2024-49504: grub2 allowed attackers with access to the grub shell to access files on the encrypted disks (2024-11-13)
GHSA: GHSA-46pf-6w9r-96r9: grub2 allowed attackers with access to the grub shell to access files on the encrypted disks (2024-11-13)

📋 Vendor Advisories (2)

Red Hat: grub2: grub2 allows bypassing TPM-bound disk encryption on SL(E)M encrypted Images (2024-11-13)
Debian: CVE-2024-49504: grub2 - grub2 allowed attackers with access to the grub shell to access files on the enc... (2024)