A logic bug in the code which disables kernel tracing for...
High severity
Unreviewed
Published
Aug 12, 2024
to the GitHub Advisory Database
•
Updated Oct 29, 2024
Description
Published by the National Vulnerability Database
Aug 12, 2024
Published to the GitHub Advisory Database
Aug 12, 2024
Last updated
Oct 29, 2024
A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs.
The bug may be used by an unprivileged user to read the contents of files to which they would not otherwise have access, such as the local password database.
References