PT-2024-8308 · Linux+7 · Linux Kernel+7

Marco Vanotti · Published 2024-08-13 · Updated 2025-09-29 · CVE-2024-43882

CVSS v3.1: 8.4 High

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.50

Description

The issue is related to a Time-of-Check-to-Time-of-Use (ToCToU) vulnerability in the Linux kernel. When opening a file for execution via do_filp_open(), permission checking is done against the file's metadata at that moment. Later, in the execve() code path, the file metadata (specifically mode, uid, and gid) is used to determine if and how to set the uid and gid. However, these values may have changed since the permissions check, allowing the execution to gain unintended privileges. This can occur when package managers update the setuid bits of installed programs, potentially leading to unauthorized root privileges. The vulnerability is rare in real-world scenarios but has been observed and proven exploitable.

Recommendations

To resolve the issue, update the Linux kernel to version 6.6.50 or later. As a temporary workaround, consider restricting access to files that are being updated by package managers to minimize the risk of exploitation.
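The check/use gap from the Description, as an added userspace model (not kernel code and not the upstream patch): the permission check sees one metadata snapshot, the set-id step sees a later one, and re-validating the later snapshot closes the window. The names `struct meta`, `struct cred`, `may_exec`, `apply_setid`, `exec_unchecked` and `exec_rechecked` are hypothetical, and the model ignores supplementary groups, ACLs and capabilities.

```c
#include <errno.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Constructed model of the metadata the exec path consults; not kernel code. */
struct meta { mode_t mode; uid_t uid; gid_t gid; };
struct cred { uid_t uid, euid; gid_t gid, egid; };

/* Time of check: simplified owner/group/other execute test. */
static int may_exec(const struct cred *c, const struct meta *m)
{
    mode_t bit;

    if (c->euid == 0)
        bit = S_IXUSR | S_IXGRP | S_IXOTH;   /* root needs any exec bit */
    else if (c->euid == m->uid)
        bit = S_IXUSR;
    else if (c->egid == m->gid)
        bit = S_IXGRP;
    else
        bit = S_IXOTH;
    return (m->mode & bit) ? 0 : -EACCES;
}

/* Time of use: take set-uid/set-gid from whatever the metadata says now. */
static void apply_setid(struct cred *c, const struct meta *m)
{
    if (m->mode & S_ISUID)
        c->euid = m->uid;
    /* set-gid is honoured only when group-execute is also set */
    if ((m->mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))
        c->egid = m->gid;
}

/* Flawed flow: check the snapshot from open, trust the snapshot at exec. */
int exec_unchecked(struct cred *c, const struct meta *at_open, const struct meta *at_exec)
{
    int err = may_exec(c, at_open);
    if (err)
        return err;
    apply_setid(c, at_exec);
    return 0;
}

/* Hardened flow: re-validate the same snapshot that is about to be used. */
int exec_rechecked(struct cred *c, const struct meta *at_open, const struct meta *at_exec)
{
    int err = may_exec(c, at_open);
    if (!err)
        err = may_exec(c, at_exec);
    if (err)
        return err;
    apply_setid(c, at_exec);
    return 0;
}
```
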

Exploit

Fix

Time Of Check To Time Of Use


Weakness Enumeration

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-11345
ALT-PU-2024-11855
ALT-PU-2024-11863
ALT-PU-2024-12053
ALT-PU-2024-12232
ALT-PU-2024-12537
ALT-PU-2024-13121
ALT-PU-2024-13260
ALT-PU-2024-13979
ALT-PU-2024-14046
AZL-48495
BDU:2024-09861
CVE-2024-43882
DLA-3912-1
DLA-4008-1
INFSA-2025_6966
LSN-0108-1
LSN-0109-1
MGASA-2024-0309
MGASA-2024-0310
OESA-2024-2076
OESA-2024-2077
OESA-2024-2078
OESA-2024-2079
OESA-2024-2080
OPENSUSE-SU-2024_3190-1
OPENSUSE-SU-2024_3209-1
OPENSUSE-SU-2024_3249-1
OPENSUSE-SU-2024_3408-1
OPENSUSE-SU-2024_3483-1
OPENSUSE-SU-2025_01610-1
OPENSUSE-SU-2025_01655-1
OPENSUSE-SU-2025_01668-1
OPENSUSE-SU-2025_01675-1
OPENSUSE-SU-2025_01676-1
OPENSUSE-SU-2025_01683-1
OPENSUSE-SU-2025_01692-1
RHSA-2025:6966
RHSA-2025_6966
SUSE-SU-2024:3189-1
SUSE-SU-2024:3190-1
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3209-1
SUSE-SU-2024:3225-1
SUSE-SU-2024:3227-1
SUSE-SU-2024:3249-1
SUSE-SU-2024:3251-1
SUSE-SU-2024:3252-1
SUSE-SU-2024:3383-1
SUSE-SU-2024:3408-1
SUSE-SU-2024:3467-1
SUSE-SU-2024:3483-1
SUSE-SU-2024:3499-1
SUSE-SU-2025:01590-1
SUSE-SU-2025:01601-1
SUSE-SU-2025:01610-1
SUSE-SU-2025:01655-1
SUSE-SU-2025:01668-1
SUSE-SU-2025:01675-1
SUSE-SU-2025:01676-1
SUSE-SU-2025:01683-1
SUSE-SU-2025:01692-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-7088-1
USN-7088-2
USN-7088-3
USN-7088-4
USN-7088-5
USN-7100-1
USN-7100-2
USN-7119-1
USN-7120-1
USN-7120-2
USN-7120-3
USN-7121-1
USN-7121-2
USN-7121-3
USN-7123-1
USN-7144-1
USN-7148-1
USN-7156-1
USN-7194-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu