CVE-2024-23301

Published: 12/01/2024 Updated: 21/02/2024
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

Relax-and-Recover (aka ReaR) up to and including 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local malicious users to gain access to system secrets otherwise only readable by root.

Vulnerable Product

relax-and-recover relax-and-recover

suse linux enterprise 15.0

redhat enterprise linux 8.0

redhat enterprise linux 9.0

fedoraproject fedora 39

Vendor Advisories

Debian Bug report logs - #1060747
rear: CVE-2024-23301
Package: src:rear; Maintainer for src:rear is Frédéric Bonnard <frediz@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 13 Jan 2024 16:27:01 UTC
Severity: important
Tags: security, upstream
Found in versions rear/27+dfsg-11, rear ...

Description: This CVE is under investigation by Red Hat Product Security ...