CVE-2024-11584
EUVD-2024-54980
26.06.2025, 10:15
cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| canonical | cloud-init | 𝑥 < 25.1.3 |
𝑥 = Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
| openSUSE Product |
|---|
| cloud-init |
| cloud-init-config-suse |
| python311-configobj |
| python311-jsonpatch |
| python311-jsonpointer |
| python311-passlib |
| python311-pyserial |
Common Weakness Enumeration