Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2024:2170-1

Опубликовано: 22 июн. 2024
Источник: suse-cvrf

Описание

Security update for gnome-settings-daemon

This update for gnome-settings-daemon fixes the following issues:

  • CVE-2024-38394: Fixed mismatches in interpreting USB authorization policy (bsc#1226423).

Список пакетов

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
gnome-settings-daemon-41.0-150400.3.3.1
gnome-settings-daemon-devel-41.0-150400.3.3.1
gnome-settings-daemon-lang-41.0-150400.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
gnome-settings-daemon-41.0-150400.3.3.1
gnome-settings-daemon-devel-41.0-150400.3.3.1
gnome-settings-daemon-lang-41.0-150400.3.3.1
SUSE Linux Enterprise Server 15 SP4-LTSS
gnome-settings-daemon-41.0-150400.3.3.1
gnome-settings-daemon-devel-41.0-150400.3.3.1
gnome-settings-daemon-lang-41.0-150400.3.3.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
gnome-settings-daemon-41.0-150400.3.3.1
gnome-settings-daemon-devel-41.0-150400.3.3.1
gnome-settings-daemon-lang-41.0-150400.3.3.1

Ссылки

Описание

** DISPUTED ** Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and filesystem implementations. NOTE: the GSD supplier indicates that consideration of a mitigation for this within GSD would be in the context of "a new feature, not a CVE."

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gnome-settings-daemon-41.0-150400.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gnome-settings-daemon-devel-41.0-150400.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gnome-settings-daemon-lang-41.0-150400.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:gnome-settings-daemon-41.0-150400.3.3.1
Ссылки
Уязвимость SUSE-SU-2024:2170-1