What is the severity of CVE-2024-52867?

CVE-2024-52867 is considered a high-severity vulnerability due to its potential for privilege escalation.

How do I fix CVE-2024-52867?

To fix CVE-2024-52867, ensure that you upgrade to GNU Guix version 5ab3c4c or later as it contains the necessary patches.

Who is affected by CVE-2024-52867?

Any installations of GNU Guix prior to version 5ab3c4c are affected by CVE-2024-52867.

What happens if CVE-2024-52867 is exploited?

If exploited, CVE-2024-52867 can allow local users to escalate their privileges by accessing build outputs without proper checks.

When was CVE-2024-52867 disclosed?

CVE-2024-52867 was disclosed along with updates in early 2024, prompting developers to address the vulnerability.

Vulnerability/
CVE-2024-52867

high

8.1

CWE

276

17/11/2024

21/11/2024

CVE-2024-52867

First published: Sun Nov 17 2024(Updated: )

guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns (e.g., for setuid and setgid programs) are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, and restart actions. Both 5ab3c4c and 5582241 are needed to resolve the vulnerability.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
GNU Guix System Distribution	<5ab3c4c

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-52867?
CVE-2024-52867 is considered a high-severity vulnerability due to its potential for privilege escalation.
How do I fix CVE-2024-52867?
To fix CVE-2024-52867, ensure that you upgrade to GNU Guix version 5ab3c4c or later as it contains the necessary patches.
Who is affected by CVE-2024-52867?
Any installations of GNU Guix prior to version 5ab3c4c are affected by CVE-2024-52867.
What happens if CVE-2024-52867 is exploited?
If exploited, CVE-2024-52867 can allow local users to escalate their privileges by accessing build outputs without proper checks.
When was CVE-2024-52867 disclosed?
CVE-2024-52867 was disclosed along with updates in early 2024, prompting developers to address the vulnerability.

agent/description
agent/type
agent/first-publish-date
agent/severity
agent/author
agent/weakness
agent/event
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/last-modified-date
agent/references
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/gnu
canonical/gnu guix system distribution

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.