SB2024071257 - SUSE update for Recommended update for wicked
Published: July 12, 2024
Security Bulletin ID
SB2024071257
CSH Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Privilege escalation (CVE-ID: N/A)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a local user on the guest system to gain elevated privileges on the host system.
The weakness is due to insufficient access control. By causing an array reference error in the VGA device emulation code, a local attacker can modify the heap, execute arbitrary code with root privileges and gain elevated privileges on the host system.
Successful exploitation of the vulnerability results in privilege escalation on the target system.
Remediation
Install update from vendor's website.