vulnerability
Oracle Linux: CVE-2024-23301: ELSA-2024-1147: rear security update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:C/I:N/A:N) | 01/13/2024 | 03/06/2024 | 01/02/2025 |
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:C/I:N/A:N)
Published
01/13/2024
Added
03/06/2024
Modified
01/02/2025
Description
Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.
A vulnerability has been identified in Relax-and-Recover (ReaR), where the use of GRUB_RESCUE=y results in the creation of an initrd that is readable by anyone. This flaw could potentially enable local attackers to obtain access to system secrets that are typically restricted to root privileges.
A vulnerability has been identified in Relax-and-Recover (ReaR), where the use of GRUB_RESCUE=y results in the creation of an initrd that is readable by anyone. This flaw could potentially enable local attackers to obtain access to system secrets that are typically restricted to root privileges.
Solution
oracle-linux-upgrade-rear
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.