PT-2025-26944 · Cloud-Init

Published: 2025-06-26 · Updated: 2026-01-29 · CVE-2024-6174

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: cloud-init (affected versions not specified)

Description: The issue occurs when a non-x86 platform is detected, causing cloud-init to grant root access to a hardcoded URL with a local IP address. By default, cloud-init configurations disable platform enumeration to prevent this.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Incorrect Default Permissions
Improper Authentication

Related Identifiers

ALSA-2025:10844
ALSA-2025:10848
ALSA-2025:11324
ALT-PU-2025-10350
AZL-64334
AZL-64374
BDU:2025-10809
CESA-2025_11324
CVE-2024-6174
INFSA-2025_10848
INFSA-2025_11324
OESA-2025-1783
OESA-2025-1784
OESA-2025-1785
OESA-2025-1786
OESA-2025-1787
OESA-2025-1788
OPENSUSE-RU-2026:20129-1
OPENSUSE-SU-2025:15376-1
RHSA-2025:10844
RHSA-2025:10848
RHSA-2025:10876
RHSA-2025:10879
RHSA-2025:11295
RHSA-2025:11324
RHSA-2025:11337
RHSA-2025:11339
RHSA-2025_10848
RHSA-2025_11324
SUSE-RU-2026:20174-1
SUSE-RU-2026:20192-1
SUSE-SU-2025:20656-1
SUSE-SU-2025:20755-1
SUSE-SU-2026:1980-1
USN-7677-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Debian
Linux Mint
Red Hat
RED OS
Rocky Linux
Ubuntu
Cloud-Init