PT-2024-25909 · Buildroot · Buildroot
Ben Hutchings
·
Published
2024-05-03
·
Updated
2024-07-03
·
CVE-2024-34455
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Buildroot versions prior to 0b2967e
Buildroot version 2024.02.2 and later are not affected, but all versions before 0b2967e are vulnerable. Since 2024.02.2 is the fixed version, we list all versions prior to 0b2967e as vulnerable.
Description
The issue is related to the lack of the sticky bit for the /dev/shm directory in Buildroot before version 0b2967e. A fix was released in version 2024.02.2.
Recommendations
For Buildroot versions prior to 0b2967e, update to version 2024.02.2 or later to resolve the issue.
As a temporary workaround, consider setting the sticky bit for the /dev/shm directory manually until a patch is applied.
Fix
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Buildroot