{"api_version":"1","generated_at":"2026-07-07T00:15:53+00:00","cve":"CVE-2024-52336","urls":{"html":"https://cve.report/CVE-2024-52336","api":"https://cve.report/api/cve/CVE-2024-52336.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2024-52336","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2024-52336"},"summary":{"title":"Tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root","description":"A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.","state":"PUBLISHED","assigner":"redhat","published_at":"2024-11-26 16:15:17","updated_at":"2026-06-26 02:16:50"},"problem_types":["CWE-269","CWE-269 Improper Privilege Management"],"metrics":[{"version":"3.1","source":"secalert@redhat.com","type":"Secondary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:0879","name":"https://access.redhat.com/errata/RHSA-2025:0879","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/redhat-performance/tuned/releases/tag/v2.24.1","name":"https://github.com/redhat-performance/tuned/releases/tag/v2.24.1","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://security.opensuse.org/2024/11/26/tuned-instance-create.html","name":"https://security.opensuse.org/2024/11/26/tuned-instance-create.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2024-52336","name":"https://access.redhat.com/security/cve/CVE-2024-52336","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2024:10384","name":"https://access.redhat.com/errata/RHSA-2024:10384","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.openwall.com/lists/oss-security/2024/11/28/2","name":"https://www.openwall.com/lists/oss-security/2024/11/28/2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2324540","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2324540","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:0880","name":"https://access.redhat.com/errata/RHSA-2025:0880","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.openwall.com/lists/oss-security/2024/11/28/1","name":"https://www.openwall.com/lists/oss-security/2024/11/28/1","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2024-52336","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-52336","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Red Hat","product":"Fast Datapath for Red Hat Enterprise Linux 8","version":"unaffected 0:2.24.0-2.1.20240819gitc082797f.el8fdp * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Fast Datapath for Red Hat Enterprise Linux 9","version":"unaffected 0:2.24.0-2.1.20240819gitc082797f.el9fdp * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"unaffected 0:2.24.0-2.el9_5 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"unaffected 0:2.24.0-2.el9_5 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Fast Datapath for RHEL 7","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","version":"","platforms":[]}],"timeline":[{"source":"CNA","time":"2024-11-08T00:00:00.000Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2024-11-26T12:00:00.000Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[{"source":"CNA","title":"","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.","time":"","lang":"en"}],"exploits":[],"credits":[{"source":"CNA","value":"Red Hat would like to thank Matthias Gerstner (SUSE Security Team) for reporting this issue.","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2024","cve_id":"52336","cve":"CVE-2024-52336","epss":"0.002870000","percentile":"0.203710000","score_date":"2026-06-29","updated_at":"2026-06-30 00:06:53"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2024-52336","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2024-11-26T16:22:02.290977Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2024-11-26T16:22:12.371Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"providerMetadata":{"dateUpdated":"2024-11-29T04:32:53.450Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"url":"https://www.openwall.com/lists/oss-security/2024/11/28/2"},{"url":"https://security.opensuse.org/2024/11/26/tuned-instance-create.html"}],"title":"CVE Program Container","x_generator":{"engine":"ADPogram 0.0.1"}}],"cna":{"affected":[{"collectionURL":"https://github.com/redhat-performance/tuned","defaultStatus":"unaffected","packageName":"tuned","versions":[{"lessThan":"2.24.1","status":"affected","version":"2.23.0","versionType":"semver"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:8::fastdatapath"],"defaultStatus":"affected","packageName":"tuned","product":"Fast Datapath for Red Hat Enterprise Linux 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.24.0-2.1.20240819gitc082797f.el8fdp","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:9::fastdatapath"],"defaultStatus":"affected","packageName":"tuned","product":"Fast Datapath for Red Hat Enterprise Linux 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.24.0-2.1.20240819gitc082797f.el9fdp","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/a:redhat:enterprise_linux:9::nfv","cpe:/a:redhat:enterprise_linux:9::realtime","cpe:/a:redhat:enterprise_linux:9::sap","cpe:/a:redhat:enterprise_linux:9::sap_hana","cpe:/o:redhat:enterprise_linux:9::baseos"],"defaultStatus":"affected","packageName":"tuned","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.24.0-2.el9_5","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/a:redhat:enterprise_linux:9::nfv","cpe:/a:redhat:enterprise_linux:9::realtime","cpe:/a:redhat:enterprise_linux:9::sap","cpe:/a:redhat:enterprise_linux:9::sap_hana","cpe:/o:redhat:enterprise_linux:9::baseos"],"defaultStatus":"affected","packageName":"tuned","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.24.0-2.el9_5","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:7::fastdatapath"],"defaultStatus":"unaffected","packageName":"tuned","product":"Fast Datapath for RHEL 7","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:10"],"defaultStatus":"affected","packageName":"tuned","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:6"],"defaultStatus":"unaffected","packageName":"tuned","product":"Red Hat Enterprise Linux 6","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:7"],"defaultStatus":"unaffected","packageName":"tuned","product":"Red Hat Enterprise Linux 7","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:8"],"defaultStatus":"unaffected","packageName":"tuned","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat"}],"credits":[{"lang":"en","value":"Red Hat would like to thank Matthias Gerstner (SUSE Security Team) for reporting this issue."}],"datePublic":"2024-11-26T12:00:00.000Z","descriptions":[{"lang":"en","value":"A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-269","description":"Improper Privilege Management","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-26T00:51:25.852Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"RHSA-2024:10384","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2024:10384"},{"name":"RHSA-2025:0879","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:0879"},{"name":"RHSA-2025:0880","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:0880"},{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2024-52336"},{"name":"RHBZ#2324540","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2324540"},{"url":"https://github.com/redhat-performance/tuned/releases/tag/v2.24.1"},{"url":"https://security.opensuse.org/2024/11/26/tuned-instance-create.html"},{"url":"https://www.openwall.com/lists/oss-security/2024/11/28/1"}],"timeline":[{"lang":"en","time":"2024-11-08T00:00:00.000Z","value":"Reported to Red Hat."},{"lang":"en","time":"2024-11-26T12:00:00.000Z","value":"Made public."}],"title":"Tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"x_generator":{"engine":"cvelib 1.8.0"},"x_redhatCweChain":"CWE-269: Improper Privilege Management"}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2024-52336","datePublished":"2024-11-26T15:21:13.518Z","dateReserved":"2024-11-08T13:09:39.004Z","dateUpdated":"2026-06-26T00:51:25.852Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2024-11-26 16:15:17","lastModifiedDate":"2026-06-26 02:16:50","problem_types":["CWE-269","CWE-269 Improper Privilege Management"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-11-26T16:22:02.290977Z","id":"CVE-2024-52336","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2024","CveId":"52336","Ordinal":"1","Title":"Tuned: `script_pre` and `script_post` options allow to pass arbi","CVE":"CVE-2024-52336","Year":"2024"},"notes":[{"CveYear":"2024","CveId":"52336","Ordinal":"1","NoteData":"A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.","Type":"Description","Title":"Tuned: `script_pre` and `script_post` options allow to pass arbi"}]}}}