{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-38394", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-11-12T20:55:53.239Z", "dateReserved": "2024-06-15T00:00:00", "datePublished": "2024-06-15T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-15T23:53:35.056904"}, "descriptions": [{"lang": "en", "value": "Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and filesystem implementations. NOTE: the GSD supplier indicates that consideration of a mitigation for this within GSD would be in the context of \"a new feature, not a CVE.\""}], "tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://pulsesecurity.co.nz/advisories/usbguard-bypass"}, {"url": "https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780"}, {"url": "https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780#note_2047914"}, {"url": "https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/tags"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-06-17T15:20:18.364109Z", "id": "CVE-2024-38394", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-12T20:55:53.239Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:24.588Z"}, "title": "CVE Program Container", "references": [{"url": "https://pulsesecurity.co.nz/advisories/usbguard-bypass", "tags": ["x_transferred"]}, {"url": "https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780", "tags": ["x_transferred"]}, {"url": "https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780#note_2047914", "tags": ["x_transferred"]}, {"url": "https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/tags", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://pulsesecurity.co.nz/advisories/usbguard-bypass", "tags": ["x_transferred"]}, {"url": "https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780", "tags": ["x_transferred"]}, {"url": "https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780#note_2047914", "tags": ["x_transferred"]}, {"url": "https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/tags", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:24.588Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-38394", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-17T15:20:18.364109Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T15:20:27.882Z"}}], "cna": {"tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://pulsesecurity.co.nz/advisories/usbguard-bypass"}, {"url": "https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780"}, {"url": "https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780#note_2047914"}, {"url": "https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/tags"}], "descriptions": [{"lang": "en", "value": "Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and filesystem implementations. NOTE: the GSD supplier indicates that consideration of a mitigation for this within GSD would be in the context of \"a new feature, not a CVE.\""}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-15T23:53:35.056904"}}}, "cveMetadata": {"cveId": "CVE-2024-38394", "state": "PUBLISHED", "dateUpdated": "2024-11-12T20:55:53.239Z", "dateReserved": "2024-06-15T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-06-15T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and filesystem implementations. NOTE: the GSD supplier indicates that consideration of a mitigation for this within GSD would be in the context of \"a new feature, not a CVE.\""}, {"lang": "es", "value": "Las discrepancias en la interpretaci\u00f3n de la pol\u00edtica de autorizaci\u00f3n USB entre el Daemon de configuraci\u00f3n de GNOME (GSD) hasta 46.0 y la l\u00f3gica de coincidencia de dispositivos subyacente del kernel de Linux permiten que un atacante f\u00edsicamente cercano acceda a algunas funciones USB del kernel de Linux no deseadas, como m\u00f3dulos del kernel espec\u00edficos de dispositivos USB e implementaciones de sistemas de archivos. NOTA: el proveedor de GSD indica que la consideraci\u00f3n de una mitigaci\u00f3n para esto dentro de GSD ser\u00eda en el contexto de \"una nueva caracter\u00edstica, no un CVE\"."}], "id": "CVE-2024-38394", "lastModified": "2024-11-21T09:25:35.257", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-06-16T00:15:49.380", "references": [{"source": "cve@mitre.org", "url": "https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780"}, {"source": "cve@mitre.org", "url": "https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780#note_2047914"}, {"source": "cve@mitre.org", "url": "https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/tags"}, {"source": "cve@mitre.org", "url": "https://pulsesecurity.co.nz/advisories/usbguard-bypass"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780#note_2047914"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/tags"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://pulsesecurity.co.nz/advisories/usbguard-bypass"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "gnome-settings-daemon: USBGuard bypass", "id": "2292830", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292830"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-288", "details": ["Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and filesystem implementations. NOTE: the GSD supplier indicates that consideration of a mitigation for this within GSD would be in the context of \"a new feature, not a CVE.\"", "A flaw was found in gnome-settings-daemon. This vulnerability allows an attacker, via kernel and local access, to access and jeopardize the USB in a Linux environment."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-38394", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "gnome-settings-daemon", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "gnome-settings-daemon", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-06-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-38394\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-38394\nhttps://pulsesecurity.co.nz/advisories/usbguard-bypass"], "threat_severity": "Moderate"}

{}