SB2025071434 - Multiple vulnerabilities in Canonical cloud-init
Published: July 14, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Insufficient verification of data authenticity (CVE-ID: CVE-2024-6174)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists in the way the application identified the boot data source. An attacker can create a rogue service on the local network to impersonate an openstack endpoint and provide root-configuration data to cloud-init on instance launch leading to a security backdoor to root during system boot.
2) Incorrect default permissions (CVE-ID: CVE-2024-11584)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to software includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. A local user with access to the system can execute hotplug-hook commands.
Remediation
Install update from vendor's website.
References
- https://github.com/canonical/cloud-init/releases/tag/25.1.3
- https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/2069607
- https://github.com/advisories/GHSA-w8g9-wp36-fchj
- https://github.com/canonical/cloud-init/pull/6265/commits/6e10240a7f0a2d6110b398640b3fd46cfa9a7cf3
- https://github.com/advisories/GHSA-3xmh-hrxh-fx8j