Lucene search
Ubuntu.comUB:CVE-2024-38394HistoryJun 16, 2024 - 12:00 a.m.
CVE-2024-38394
2024-06-1600:00:00
ubuntu.com
ubuntu.com
1
cve-2024-38394
gnome settings daemon
linux kernel
usb authorization policy
unauthorized access
device matching logic
physical proximity
mitigation
feature
6.2 Medium
AI Score
Confidence
Low
DISPUTED Mismatches in interpreting USB authorization policy between
GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel’s underlying
device matching logic allow a physically proximate attacker to access some
unintended Linux kernel USB functionality, such as USB device-specific
kernel modules and filesystem implementations. NOTE: the GSD supplier
indicates that consideration of a mitigation for this within GSD would be
in the context of “a new feature, not a CVE.”
Bugs
Notes
| Author | Note |
|---|---|
| mdeslaur | as of 2024-06-17, there is no fix from gnome-settings-daemon as they don’t believe that is the proper place to address this issue. Deferring this CVE for now. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | gnome-settings-daemon | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | gnome-settings-daemon | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | gnome-settings-daemon | < any | UNKNOWN |
| ubuntu | 23.10 | noarch | gnome-settings-daemon | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | gnome-settings-daemon | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | gnome-settings-daemon | < any | UNKNOWN |
Related
redhatcve
redhatcve
CVE-2024-38394
2024-06-18 05:07:19
vulnrichment
vulnrichment
CVE-2024-38394
2024-06-15 00:00:00
cve
cve
CVE-2024-38394
2024-06-16 00:15:49
cvelist
cvelist
CVE-2024-38394
2024-06-15 00:00:00
nessus
nessus
debiancve
debiancve
CVE-2024-38394
2024-06-16 00:15:49
nvd
nvd
CVE-2024-38394
2024-06-16 00:15:49
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:2170-1)
2024-06-25 00:00:00