CVE-2024-6760

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 12, 2024
Updated: Oct 29, 2024
CWE ID 862

Summary

CVE-2024-6760 is a logic bug identified in the kernel that fails to disable tracing for setuid programs when it should. This oversight enables unprivileged users to trace the behavior of these programs, potentially gaining unauthorized access to sensitive information. Specifically, an unprivileged user could inspect the contents of protected files, including the local password database. This vulnerability poses a significant security risk and requires immediate attention from system administrators.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share