A script injection vulnerability was identified in the Tuned package. The instance_create()
D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with script_pre
or script_post
options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Fast Datapath for Red Hat Enterprise Linux 8 | RedHat | tuned-0:2.24.0-2.1.20240819gitc082797f.el8fdp | * |
Fast Datapath for Red Hat Enterprise Linux 9 | RedHat | tuned-0:2.24.0-2.1.20240819gitc082797f.el9fdp | * |
Red Hat Enterprise Linux 9 | RedHat | tuned-0:2.24.0-2.el9_5 | * |
Red Hat Enterprise Linux 9 | RedHat | tuned-0:2.24.0-2.el9_5 | * |