PT-2024-25539 · Hyprland · Hyprland
Sam James
·
Published
2024-04-28
·
Updated
2026-05-15
·
CVE-2024-33904
CVSS v3.1
7.0
High
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Hyprland versions through 0.39.1
Description
A local attacker can cause execution of arbitrary assembly code by writing to a predictable temporary file through a race condition in plugins/HookSystem.cpp. This issue allows for the execution of arbitrary assembly code.
Recommendations
For Hyprland versions through 0.39.1, update to a version after 28c8561 to resolve the issue. As a temporary workaround, consider restricting access to the temporary files used by the HookSystem to minimize the risk of exploitation.
Fix
Race Condition
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hyprland