CVE-2024-6760

Published Aug 12, 2024

Last updated 18 days ago

CVSS high 7.5

Overview

Description: A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs. The bug may be used by an unprivileged user to read the contents of files to which they would not otherwise have access, such as the local password database.
Source: secteam@freebsd.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-862

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18A4E85D-70A5-4382-AAB7-4A531615613D",
            "versionEndExcluding": "13.0"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FEC367A5-24D1-414E-BC77-07968E787D01",
            "versionEndExcluding": "13.3",
            "versionStartIncluding": "13.1"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:13.3:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABEA48EC-24EA-4106-9465-CE66B938635F"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:13.3:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DFB5BD0-E777-4CAA-B2E0-3F3357D06D01"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:13.3:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC8C769C-A23E-4F61-AC42-4DA64421B096"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:13.3:p4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45B0589E-2E7D-4516-A8A0-88F30038EAB0"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB7B021E-F4AD-44AC-96AB-8ACAF8AB1B88"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69A72B5A-2189-4700-8E8B-1E5E7CA86C40"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5771F187-281B-4680-B562-EFC7441A8F88"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A4437F5-9DDA-4769-974E-23BFA085E0DB"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A9C3A3D4-C9F4-41EB-B532-821AF83470B1"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "878A1F0A-087F-47D7-9CA5-A54BB8D6676A"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE73CDC3-B5A7-4921-89C6-8F9DC426CB3E"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "50A5E650-31FB-45BE-8827-641B58A83E45"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D59CFDD3-AEC3-43F1-A620-0B1F0BAD9048"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.0:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "038E5B85-7F60-4D71-8D3F-EDBF6E036CE0"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF309824-D379-4749-A1FA-BCB2987DD671"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.1:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA813990-8C8F-4EE8-9F2B-9F73C510A7B2"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:14.1:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4DFA201-27D5-4C01-B90F-E24778943C3B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References