CVE-2024-6760
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
12/08/2024
Last modified:
29/10/2024
Description
A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs.<br />
<br />
The bug may be used by an unprivileged user to read the contents of files to which they would not otherwise have access, such as the local password database.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:* | 13.0 (excluding) | |
| cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:* | 13.1 (including) | 13.3 (excluding) |
| cpe:2.3:o:freebsd:freebsd:13.3:p1:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:13.3:p2:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:13.3:p3:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:13.3:p4:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:14.0:p2:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:14.0:p3:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:14.0:p4:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:14.0:p5:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:14.0:p6:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:14.0:p7:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:14.0:p8:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page