CVE-2024-45770

CVSS v3.1

4.4

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Performance Co-Pilot (PCP) (affected versions not specified)

Description: A vulnerability was found in Performance Co-Pilot (PCP), related to the pmpost tool, which is used to log messages in the system. This flaw can only be exploited if an attacker has access to a compromised PCP system account. Under certain conditions, the pmpost tool runs with high-level privileges, allowing an attacker to potentially execute code with root privileges by replacing a symbolic link to the "/var/log/pcp/NOTICES" file.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-61CWE-59

Related Identifiers

ALSA-2024:6837

ALSA-2024:6848

ALSA-2024:9452

AZL-49653

AZL-49659

BDU:2025-12378

CESA-2024_6837

CVE-2024-45770

INFSA-2024_6837

INFSA-2024_6848

INFSA-2024_9452

OESA-2025-1293

OESA-2025-1294

OESA-2025-1295

OPENSUSE-SU-2024_3533-1

OPENSUSE-SU-2024_3785-1

OPENSUSE-SU-2025_0011-1

OPENSUSE-SU-2026:10705-1

RHSA-2024:6837

RHSA-2024:6840

RHSA-2024:6842

RHSA-2024:6843

RHSA-2024:6844

RHSA-2024:6846

RHSA-2024:6847

RHSA-2024:6848

RHSA-2024:9452

RHSA-2024_6837

RHSA-2024_6848

RHSA-2024_9452

RLSA-2024:6837

RLSA-2024:6848

RLSA-2024:9452

SUSE-SU-2024:3533-1

SUSE-SU-2024:3785-1

SUSE-SU-2024:3976-1

SUSE-SU-2025:0011-1

SUSE-SU-2025:20133-1

SUSE-SU-2025:20235-1

Affected Products

Almalinux

Centos

Debian

Performance Co-Pilot

Red Hat

Red Os

Rocky Linux

Suse

CVE-2024-45770

Weakness Enumeration

Related Identifiers

Affected Products

References · 85