PT-2024-8542 · Unknown+3 · Needrestart+3

Ivan Kurnosov

Published

2024-11-17

Updated

2025-02-07

CVE-2024-48991

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions needrestart versions prior to 3.8

Description The issue is related to a race condition that allows local attackers to execute arbitrary code as root by tricking needrestart into running a fake Python interpreter. This is achieved by winning a race condition and substituting the system's real Python interpreter with a malicious one. The initial security fix introduced a regression, which was subsequently resolved.

Recommendations For needrestart versions prior to 3.8, update to version 3.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the usr/bin/python file to prevent substitution with a malicious executable until a patch is applied.

Exploit

Fix

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

BDU:2024-10109

CVE-2024-48991

DLA-3957-1

DLA-3957-2

DSA-5815-1

DSA-5815-2

USN-7117-1

USN-7117-2

USN-7117-3

Affected Products

Astra Linux

Linuxmint

Ubuntu

Needrestart

PT-2024-8542 · Unknown+3 · Needrestart+3

CVE-2024-48991

Weakness Enumeration

Related Identifiers

Affected Products

References · 55