Local Code Execution Vulnerability in Needrestart Product by Qualys
CVE-2024-48992

7.8HIGH

Key Information:

Vendor

Needrestart

Status
Needrestart
Vendor
CVE Published:
19 November 2024

What is CVE-2024-48992?

The vulnerability in Needrestart, prior to version 3.8, enables local attackers to execute arbitrary code with root privileges. This is achieved by manipulating the RUBYLIB environment variable, prompting Needrestart to invoke the Ruby interpreter in an unintended manner. It is crucial for organizations using affected versions to apply necessary patches to mitigate this security risk.

Affected Version(s)

needrestart Linux 0 < 3.8

References

https://www.cve.org/CVERecord?id=CVE-2024-48992
issue-tracking
https://github.com/liske/needrestart/commit/b5f25f6ec6e7d...
patch
https://www.qualys.com/2024/11/19/needrestart/needrestart...
third-party-advisory

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

Credit

Qualys
Thomas Liske
Mark Esler
.