CVE-2024-6760
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Aug 12, 2024
Updated: Oct 29, 2024
CWE ID 862
Summary
CVE-2024-6760 is a logic bug in the kernel, which fails to disable tracing for setuid programs when it should. As a result, unprivileged users can trace the behavior of these programs and potentially gain unauthorized access to sensitive information. Specifically, an unprivileged user could inspect the contents of protected files, including the local password database. This vulnerability poses a significant security risk and requires immediate attention from system administrators.
Affected Products
- FreeBSD
Affected Vendors
- FreeBSD Project