Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-01-12T00:00:00
Updated: 2024-08-01T22:59:32.206Z
Reserved: 2024-01-12T00:00:00
Link: CVE-2024-23301
Vulnrichment
No data.
NVD
Status : Modified
Published: 2024-01-12T23:15:10.030
Modified: 2024-02-21T03:15:08.950
Link: CVE-2024-23301
Redhat