SUSE update for util-linux

Published: 2024-04-09

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2024-28085
CWE-ID	CWE-20
Exploitation vector	Local
Public exploit	Public exploit code for vulnerability #1 is available.
Vulnerable software Subscribe	SUSE Linux Enterprise Server 15 SP4 LTSS Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing LTSS 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing ESPOS 15 Operating systems & Components / Operating system SUSE Linux Enterprise Desktop 15 SP4 LTSS Operating systems & Components / Operating system openSUSE Leap Micro Operating systems & Components / Operating system SUSE Linux Enterprise Micro for Rancher Operating systems & Components / Operating system SUSE Linux Enterprise Micro Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 Operating systems & Components / Operating system SUSE Manager Retail Branch Server Operating systems & Components / Operating system SUSE Manager Server Operating systems & Components / Operating system SUSE Manager Proxy Operating systems & Components / Operating system openSUSE Leap Operating systems & Components / Operating system libsmartcols-devel-64bit Operating systems & Components / Operating system package or component libuuid1-64bit Operating systems & Components / Operating system package or component libfdisk1-64bit-debuginfo Operating systems & Components / Operating system package or component libmount1-64bit Operating systems & Components / Operating system package or component libblkid-devel-64bit Operating systems & Components / Operating system package or component libblkid1-64bit-debuginfo Operating systems & Components / Operating system package or component libsmartcols1-64bit-debuginfo Operating systems & Components / Operating system package or component libuuid-devel-64bit Operating systems & Components / Operating system package or component libmount-devel-64bit Operating systems & Components / Operating system package or component libblkid1-64bit Operating systems & Components / Operating system package or component libfdisk1-64bit Operating systems & Components / Operating system package or component libmount1-64bit-debuginfo Operating systems & Components / Operating system package or component libsmartcols1-64bit Operating systems & Components / Operating system package or component libfdisk-devel-64bit Operating systems & Components / Operating system package or component libuuid1-64bit-debuginfo Operating systems & Components / Operating system package or component libsmartcols1-32bit Operating systems & Components / Operating system package or component libfdisk1-32bit-debuginfo Operating systems & Components / Operating system package or component libfdisk1-32bit Operating systems & Components / Operating system package or component libuuid-devel-32bit Operating systems & Components / Operating system package or component libsmartcols-devel-32bit Operating systems & Components / Operating system package or component libsmartcols1-32bit-debuginfo Operating systems & Components / Operating system package or component libfdisk-devel-32bit Operating systems & Components / Operating system package or component libblkid-devel-32bit Operating systems & Components / Operating system package or component libmount-devel-32bit Operating systems & Components / Operating system package or component python3-libmount-debugsource Operating systems & Components / Operating system package or component libfdisk-devel-static Operating systems & Components / Operating system package or component libsmartcols-devel-static Operating systems & Components / Operating system package or component libmount-devel-static Operating systems & Components / Operating system package or component python3-libmount Operating systems & Components / Operating system package or component python3-libmount-debuginfo Operating systems & Components / Operating system package or component util-linux-lang Operating systems & Components / Operating system package or component libuuid-devel Operating systems & Components / Operating system package or component libblkid1-debuginfo Operating systems & Components / Operating system package or component uuidd Operating systems & Components / Operating system package or component libuuid1-32bit-debuginfo Operating systems & Components / Operating system package or component libfdisk-devel Operating systems & Components / Operating system package or component libsmartcols1 Operating systems & Components / Operating system package or component uuidd-debuginfo Operating systems & Components / Operating system package or component libmount-devel Operating systems & Components / Operating system package or component util-linux-systemd-debugsource Operating systems & Components / Operating system package or component libuuid1-32bit Operating systems & Components / Operating system package or component libuuid1 Operating systems & Components / Operating system package or component libblkid1-32bit Operating systems & Components / Operating system package or component libsmartcols1-debuginfo Operating systems & Components / Operating system package or component libuuid-devel-static Operating systems & Components / Operating system package or component libuuid1-debuginfo Operating systems & Components / Operating system package or component libmount1-32bit-debuginfo Operating systems & Components / Operating system package or component libblkid-devel-static Operating systems & Components / Operating system package or component libblkid1 Operating systems & Components / Operating system package or component util-linux Operating systems & Components / Operating system package or component libfdisk1 Operating systems & Components / Operating system package or component libblkid-devel Operating systems & Components / Operating system package or component util-linux-systemd Operating systems & Components / Operating system package or component libsmartcols-devel Operating systems & Components / Operating system package or component libblkid1-32bit-debuginfo Operating systems & Components / Operating system package or component util-linux-debugsource Operating systems & Components / Operating system package or component libmount1-debuginfo Operating systems & Components / Operating system package or component libmount1 Operating systems & Components / Operating system package or component libmount1-32bit Operating systems & Components / Operating system package or component util-linux-debuginfo Operating systems & Components / Operating system package or component libfdisk1-debuginfo Operating systems & Components / Operating system package or component util-linux-systemd-debuginfo Operating systems & Components / Operating system package or component
Vendor	SUSE

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Input validation error

EUVDB-ID: #VU87906

Risk: Low

CVSSv3.1: 6.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2024-28085

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied arguments along with setgid tty permissions within the wall command. A local user can execute arbitrary commands with escalated privileges on the system.

Mitigation

Update the affected package util-linux to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

libsmartcols-devel-64bit: before 2.37.2-150400.8.29.1

libuuid1-64bit: before 2.37.2-150400.8.29.1

libfdisk1-64bit-debuginfo: before 2.37.2-150400.8.29.1

libmount1-64bit: before 2.37.2-150400.8.29.1

libblkid-devel-64bit: before 2.37.2-150400.8.29.1

libblkid1-64bit-debuginfo: before 2.37.2-150400.8.29.1

libsmartcols1-64bit-debuginfo: before 2.37.2-150400.8.29.1

libuuid-devel-64bit: before 2.37.2-150400.8.29.1

libmount-devel-64bit: before 2.37.2-150400.8.29.1

libblkid1-64bit: before 2.37.2-150400.8.29.1

libfdisk1-64bit: before 2.37.2-150400.8.29.1

libmount1-64bit-debuginfo: before 2.37.2-150400.8.29.1

libsmartcols1-64bit: before 2.37.2-150400.8.29.1

libfdisk-devel-64bit: before 2.37.2-150400.8.29.1

libuuid1-64bit-debuginfo: before 2.37.2-150400.8.29.1

libsmartcols1-32bit: before 2.37.2-150400.8.29.1

libfdisk1-32bit-debuginfo: before 2.37.2-150400.8.29.1

libfdisk1-32bit: before 2.37.2-150400.8.29.1

libuuid-devel-32bit: before 2.37.2-150400.8.29.1

libsmartcols-devel-32bit: before 2.37.2-150400.8.29.1

libsmartcols1-32bit-debuginfo: before 2.37.2-150400.8.29.1

libfdisk-devel-32bit: before 2.37.2-150400.8.29.1

libblkid-devel-32bit: before 2.37.2-150400.8.29.1

libmount-devel-32bit: before 2.37.2-150400.8.29.1

python3-libmount-debugsource: before 2.37.2-150400.8.29.1

libfdisk-devel-static: before 2.37.2-150400.8.29.1

libsmartcols-devel-static: before 2.37.2-150400.8.29.1

libmount-devel-static: before 2.37.2-150400.8.29.1

python3-libmount: before 2.37.2-150400.8.29.1

python3-libmount-debuginfo: before 2.37.2-150400.8.29.1

util-linux-lang: before 2.37.2-150400.8.29.1

libuuid-devel: before 2.37.2-150400.8.29.1

libblkid1-debuginfo: before 2.37.2-150400.8.29.1

uuidd: before 2.37.2-150400.8.29.1

libuuid1-32bit-debuginfo: before 2.37.2-150400.8.29.1

libfdisk-devel: before 2.37.2-150400.8.29.1

libsmartcols1: before 2.37.2-150400.8.29.1

uuidd-debuginfo: before 2.37.2-150400.8.29.1

libmount-devel: before 2.37.2-150400.8.29.1

util-linux-systemd-debugsource: before 2.37.2-150400.8.29.1

libuuid1-32bit: before 2.37.2-150400.8.29.1

libuuid1: before 2.37.2-150400.8.29.1

libblkid1-32bit: before 2.37.2-150400.8.29.1

libsmartcols1-debuginfo: before 2.37.2-150400.8.29.1

libuuid-devel-static: before 2.37.2-150400.8.29.1

libuuid1-debuginfo: before 2.37.2-150400.8.29.1

libmount1-32bit-debuginfo: before 2.37.2-150400.8.29.1

libblkid-devel-static: before 2.37.2-150400.8.29.1

libblkid1: before 2.37.2-150400.8.29.1

util-linux: before 2.37.2-150400.8.29.1

libfdisk1: before 2.37.2-150400.8.29.1

libblkid-devel: before 2.37.2-150400.8.29.1

util-linux-systemd: before 2.37.2-150400.8.29.1

libsmartcols-devel: before 2.37.2-150400.8.29.1

libblkid1-32bit-debuginfo: before 2.37.2-150400.8.29.1

util-linux-debugsource: before 2.37.2-150400.8.29.1

libmount1-debuginfo: before 2.37.2-150400.8.29.1

libmount1: before 2.37.2-150400.8.29.1

libmount1-32bit: before 2.37.2-150400.8.29.1

util-linux-debuginfo: before 2.37.2-150400.8.29.1

libfdisk1-debuginfo: before 2.37.2-150400.8.29.1

util-linux-systemd-debuginfo: before 2.37.2-150400.8.29.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241169-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.