CVE Vulnerabilities

CVE-2024-48991

Published: Nov 19, 2024 | Modified: Dec 03, 2024
CVSS 3.x: N/A (Source: NVD)
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu: HIGH

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter (instead of the system's real Python interpreter). The initial security fix (6ce6136) introduced a regression which was subsequently resolved (42af5d3).

Affected Software

Name          Vendor    Start Version      End Version
Needrestart   Ubuntu    devel              *
Needrestart   Ubuntu    esm-apps/bionic    *
Needrestart   Ubuntu    esm-apps/focal     *
Needrestart   Ubuntu    esm-apps/xenial    *
Needrestart   Ubuntu    focal              *
Needrestart   Ubuntu    jammy              *
Needrestart   Ubuntu    noble              *
Needrestart   Ubuntu    oracular           *
Needrestart   Ubuntu    upstream           *

References