PT-2024-9089 · Gnu Emacs+10

Wilfred Hughes · Published 2024-08-17 · Updated 2026-02-04 · CVE-2024-53920

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

GNU Emacs versions through 30.0.92

Description

The issue is in the elisp-completion-at-point function in GNU Emacs: when it is used on untrusted Emacs Lisp source code, it can trigger unsafe Lisp macro expansion, which allows attackers to execute arbitrary code. The same unsafe expansion occurs if a user enables on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code. The vulnerability is associated with improper control of code generation (code injection).

Recommendations

For GNU Emacs versions through 30.0.92, update to a version later than 30.0.92 to resolve the issue. As a temporary workaround, consider disabling the elisp-completion-at-point function and avoiding the use of on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code until a patch is available. Restrict access to untrusted Emacs Lisp source code to minimize the risk of exploitation.

Fix

Code Injection

Weakness Enumeration

Related Identifiers

ALSA-2025:11030
ALSA-2025:4787
ALSA-2025:9448
AZL-53558
AZL-53703
BDU:2024-10771
CESA-2025_11030
CVE-2024-53920
DLA-4069-1
DSA-5871-1
INFSA-2025_11030
INFSA-2025_4787
INFSA-2025_9448
MGASA-2024-0397
OESA-2025-2760
OPENSUSE-SU-2024:14591-1
OPENSUSE-SU-2024_4392-1
OPENSUSE-SU-2025_0798-1
RHSA-2025:11030
RHSA-2025:4787
RHSA-2025:4793
RHSA-2025:4794
RHSA-2025:9448
RHSA-2025_11030
RHSA-2025_4787
RHSA-2025_9448
SUSE-SU-2024:4392-1
SUSE-SU-2024_4392-1
SUSE-SU-2025:0798-1
SUSE-SU-2025_0798-1
USN-8011-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Gnu Emacs
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu