#VU87906 Input validation error in Util-linux - CVE-2024-28085
Published: March 28, 2024 / Updated: December 15, 2025
Vulnerability identifier: #VU87906
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2024-28085
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
Util-linux
Util-linux
Software vendor:
kernel.org
kernel.org
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied arguments along with setgid tty permissions within the wall command. A local user can execute arbitrary commands with escalated privileges on the system.
Remediation
Install update from vendor's website.