Local Privilege Escalation Vulnerability in Provd Before v0.1.5
CVE-2024-6714

8.8HIGH

Key Information:

Vendor

Canonical Ltd.

Status
Ubuntu Desktop Provision
Vendor
CVE Published:
23 July 2024

What is CVE-2024-6714?

A vulnerability has been identified in the provd application, specifically affecting versions prior to 0.1.5. This flaw involves a setuid binary, which can be exploited by local attackers to escalate their privileges on the system. The implications of this vulnerability could lead to unauthorized access to sensitive system resources, making it essential for users to apply the necessary patches and upgrade to the latest version to mitigate potential risks.

Affected Version(s)

Ubuntu Desktop Provision Linux 0 < 0.1.5

References

https://github.com/canonical/ubuntu-desktop-provision/com...
patch
https://bugs.launchpad.net/ubuntu/+source/provd/+bug/2071574
issue-tracking
https://www.cve.org/CVERecord?id=CVE-2024-6714
issue-tracking

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

Credit

James Henstridge
Matthew Gary Hagemann
Luci Stanescu
.
CVE-2024-6714 : Local Privilege Escalation Vulnerability in Provd Before v0.1.5