vulnerability

Debian: CVE-2024-38394: gnome-settings-daemon -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:N/C:P/I:P/A:P)	Jun 16, 2024	May 15, 2025	May 27, 2025

Severity

CVSS

(AV:L/AC:L/Au:N/C:P/I:P/A:P)

Published

Jun 16, 2024

Added

May 15, 2025

Modified

May 27, 2025

Description

Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and filesystem implementations. NOTE: the GSD supplier indicates that consideration of a mitigation for this within GSD would be in the context of "a new feature, not a CVE."

Solution

no-fix-debian-deb-package

References

CVE-2024-38394
https://attackerkb.com/topics/CVE-2024-38394

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today