PT-2024-9218 · Tuned+6
Matthias Gerstner
·
Published
2024-11-07
·
Updated
2025-03-17
·
CVE-2024-52337
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
Tuned (affected versions not specified)
Description:
A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. Because the arguments are not filtered for control characters, an attacker can pass a string containing newlines, which are written into the log verbatim. The text after the newline can mimic a valid TuneD log line and mislead the administrator. TuneD normally quotes raw user input in its log messages, so the spoofed input will always be followed by a closing ' character; however, that stray quote is easy to overlook. The same logged string is later reused in logging and in the output of utilities, for example, `tuned-adm get_instances`, or by third-party programs that use Tuned's D-Bus interface for such operations.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
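The following Python is an added illustration of the mechanism described above; it is not TuneD's code and not the project's fix. The logger format, the instance-creation calls, the injected payload and the allow-list regex are all constructed for the example. It shows the vulnerable pattern (a caller-controlled name quoted into a log line, so one embedded newline yields a second, fake record ending in a stray closing quote), a hardened variant that rejects such names before logging, and a simple scan that flags lines whose single-quote count is odd, which is exactly the tell the advisory says an administrator can overlook.

```python
"""Log spoofing via an unsanitized API argument, and checks that catch it.

Constructed example: the logger format and the create_instance_* functions
are stand-ins for a TuneD-style daemon, not TuneD's own code or its fix.
"""
import io
import logging
import re

LOG_FORMAT = "%(asctime)s %(levelname)-8s %(name)s: %(message)s"
# Assumption for the example: a conservative allow-list for instance names
# (letters, digits, '_', '.', '-'); this is not TuneD's actual validation rule.
SAFE_NAME_RE = re.compile(r"[A-Za-z0-9_.-]+")


def make_logger(name="tuned.daemon"):
    """Return (logger, buffer): a logger writing TuneD-style lines to memory."""
    buf = io.StringIO()
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter(LOG_FORMAT))
    logger.addHandler(handler)
    return logger, buf


def create_instance_vulnerable(logger, name):
    """Vulnerable pattern: the raw caller-controlled string is quoted into the log."""
    logger.info("creating instance '%s'", name)
    return name


def create_instance_hardened(logger, name):
    """Hardened pattern: reject names outside the allow-list before anything is logged."""
    if not SAFE_NAME_RE.fullmatch(name):
        raise ValueError("rejected instance name with unexpected characters: %r" % name)
    logger.info("creating instance '%s'", name)
    return name


def suspicious_lines(log_text):
    """Return log lines whose single-quote count is odd.

    A TuneD-style line quotes each raw argument as '...'. A newline injected
    into the argument splits one record into two physical lines: the first
    ends inside an open quote and the last carries the stray closing quote,
    so both have an odd number of quotes, while well-formed lines have an
    even number.
    """
    return [line for line in log_text.splitlines() if line.count("'") % 2 == 1]


def demo():
    """Run the spoof against the vulnerable path, scan it, then try the hardened path."""
    # Constructed payload: a name that injects a fake, reassuring log record.
    payload = ("evil\n2024-11-07 10:00:00,000 INFO     tuned.daemon: "
               "profile 'balanced' applied")
    logger, buf = make_logger()
    create_instance_vulnerable(logger, payload)
    spoofed = buf.getvalue()
    flagged = suspicious_lines(spoofed)
    try:
        create_instance_hardened(logger, payload)
        blocked = False
    except ValueError:
        blocked = True
    return spoofed, flagged, blocked


if __name__ == "__main__":
    text, flagged, blocked = demo()
    print(text, end="")
    print("flagged lines:", len(flagged), "| hardened path rejected payload:", blocked)
```

The odd-quote heuristic is only a triage aid: it catches the newline split the advisory describes, but a legitimate message that itself contains an apostrophe would also be flagged, so treat hits as lines to inspect rather than proof of tampering. The durable fix is the one the hardened function models: validate API arguments before they reach the logger.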
Affected Products
Alt Linux
Almalinux
Centos
Red Hat
Red Os
Rocky Linux
Tuned