CVE-2024-6760: ktrace(2) fails to detach when executing a setuid binary
First published: Sun Aug 11 2024(Updated: )
A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs. The bug may be used by an unprivileged user to read the contents of files to which they would not otherwise have access, such as the local password database.
Credit: secteam@freebsd.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FreeBSD Kernel | <13.0 | |
| FreeBSD Kernel | >=13.1<13.3 | |
| FreeBSD Kernel | =13.3-p1 | |
| FreeBSD Kernel | =13.3-p2 | |
| FreeBSD Kernel | =13.3-p3 | |
| FreeBSD Kernel | =13.3-p4 | |
| FreeBSD Kernel | =14.0-beta5 | |
| FreeBSD Kernel | =14.0-p1 | |
| FreeBSD Kernel | =14.0-p2 | |
| FreeBSD Kernel | =14.0-p3 | |
| FreeBSD Kernel | =14.0-p4 | |
| FreeBSD Kernel | =14.0-p5 | |
| FreeBSD Kernel | =14.0-p6 | |
| FreeBSD Kernel | =14.0-p7 | |
| FreeBSD Kernel | =14.0-p8 | |
| FreeBSD Kernel | =14.0-rc3 | |
| FreeBSD Kernel | =14.0-rc4-p1 | |
| FreeBSD Kernel | =14.1-p1 | |
| FreeBSD Kernel | =14.1-p2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-6760?
CVE-2024-6760 is rated as a moderate severity vulnerability due to the potential exposure of sensitive information by unprivileged users.
How do I fix CVE-2024-6760?
To fix CVE-2024-6760, update to an unaffected version of FreeBSD, specifically any version beyond 13.3 or 14.0-p8.
Who is affected by CVE-2024-6760?
CVE-2024-6760 affects FreeBSD versions up to 13.3 and 14.0 up to 14.0-p8.
What is the impact of CVE-2024-6760?
The impact of CVE-2024-6760 allows unprivileged users to trace and inspect the behavior of setuid programs, potentially exposing sensitive data.
Can CVE-2024-6760 be exploited remotely?
CVE-2024-6760 requires local access, thus it cannot be directly exploited remotely without a prior compromise.
- agent/references
- agent/title
- agent/description
- agent/type
- agent/first-publish-date
- agent/author
- agent/event
- agent/severity
- agent/softwarecombine
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/freebsd
- canonical/freebsd kernel
- version/freebsd kernel/13.1
- version/freebsd kernel/13.3-p1
- version/freebsd kernel/13.3-p2
- version/freebsd kernel/13.3-p3
- version/freebsd kernel/13.3-p4
- version/freebsd kernel/14.0-beta5
- version/freebsd kernel/14.0-p1
- version/freebsd kernel/14.0-p2
- version/freebsd kernel/14.0-p3
- version/freebsd kernel/14.0-p4
- version/freebsd kernel/14.0-p5
- version/freebsd kernel/14.0-p6
- version/freebsd kernel/14.0-p7
- version/freebsd kernel/14.0-p8
- version/freebsd kernel/14.0-rc3
- version/freebsd kernel/14.0-rc4-p1
- version/freebsd kernel/14.1-p1
- version/freebsd kernel/14.1-p2