vulnerability
Oracle Linux: CVE-2024-23301: ELSA-2024-1147: rear security update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:C/I:N/A:N) | Jan 13, 2024 | Mar 6, 2024 | Dec 3, 2025 |
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:C/I:N/A:N)
Published
Jan 13, 2024
Added
Mar 6, 2024
Modified
Dec 3, 2025
Description
Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.
A vulnerability has been identified in Relax-and-Recover (ReaR), where the use of GRUB_RESCUE=y results in the creation of an initrd that is readable by anyone. This flaw could potentially enable local attackers to obtain access to system secrets that are typically restricted to root privileges.
A vulnerability has been identified in Relax-and-Recover (ReaR), where the use of GRUB_RESCUE=y results in the creation of an initrd that is readable by anyone. This flaw could potentially enable local attackers to obtain access to system secrets that are typically restricted to root privileges.
Solution
oracle-linux-upgrade-rear
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.