PT-2025-26948 · Unknown+4 · Cloud-Init+4

Harry Sintonen · Published 2025-06-12 · Updated 2026-01-29 · CVE-2024-11584

CVSS v3.1: 5.9 (Medium)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: cloud-init, versions through 25.1.2
Description: The systemd socket unit cloud-init-hotplugd.socket shipped with cloud-init relies on systemd's default SocketMode of 0666, so the FIFO it creates at /run/cloud-init/hook-hotplug-cmd is world-writable. Any local unprivileged user can therefore write to the FIFO and trigger hotplug-hook commands. The vector reflects this: local access, no privileges required, low impact on confidentiality, integrity and availability.
Recommendations: Override the unit's SocketMode with a restrictive value (for example 0600) through a systemd drop-in, reload systemd and restart the socket unit, then verify with stat that /run/cloud-init/hook-hotplug-cmd carries the new mode. Changing the permissions of the FIFO directly is only a temporary workaround: /run is a tmpfs, so the FIFO is recreated with the unit's SocketMode at the next boot. This entry does not record a fixed upstream release; apply the vendor advisories listed under Related Identifiers (for example USN-7677-1) where your distribution provides one.
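The check and the override a practitioner would want for this finding, as an added example that is not cloud-init's or the advisory's code: it resolves SocketMode from .socket unit text the way systemd does (last assignment wins, 0666 when the key is absent, per systemd.socket(5)), flags world-writable modes, inspects the live FIFO when present, and prints the drop-in that fixes the mode persistently. The unit and FIFO names are the advisory's; the sample unit text is a constructed minimal stand-in for the shipped unit (only the absence of SocketMode matters), and the drop-in path and systemctl commands are standard systemd mechanics, not taken from the page.

```shell
#!/bin/sh
# Added example (not cloud-init or PT code): audit a systemd .socket unit for
# the world-writable default described in the advisory and emit the drop-in
# that overrides it.

UNIT_NAME="cloud-init-hotplugd.socket"
FIFO_PATH="/run/cloud-init/hook-hotplug-cmd"

# Constructed minimal stand-in for the shipped unit: it sets no SocketMode,
# so systemd applies its documented default of 0666 (systemd.socket(5)).
SAMPLE_UNIT='[Socket]
ListenFIFO=/run/cloud-init/hook-hotplug-cmd
Service=cloud-init-hotplugd.service'

# effective_socket_mode: read unit text on stdin and print the SocketMode
# systemd will apply. Comment lines (as emitted by `systemctl cat`) are
# skipped; the last assignment wins, which is how a drop-in overrides the
# vendor unit; no assignment means the 0666 default.
effective_socket_mode() {
    mode=$(sed -n 's/^[[:space:]]*SocketMode[[:space:]]*=[[:space:]]*\([0-7]*\).*/\1/p' | tail -n 1)
    printf '%s\n' "${mode:-0666}"
}

# is_world_writable MODE: succeed when the "other" write bit is set in an
# octal mode such as 0666, 666 or 0622.
is_world_writable() {
    case "$1" in
        *[2367]) return 0 ;;
        *)       return 1 ;;
    esac
}

# audit_unit: read unit text on stdin and print one verdict line.
audit_unit() {
    mode=$(effective_socket_mode)
    if is_world_writable "$mode"; then
        printf 'SocketMode=%s world-writable=yes\n' "$mode"
    else
        printf 'SocketMode=%s world-writable=no\n' "$mode"
    fi
}

# dropin_text: the persistent fix. Install it as
# /etc/systemd/system/cloud-init-hotplugd.socket.d/override.conf, run
# `systemctl daemon-reload`, restart the socket unit, then re-run this
# script: the FIFO must show mode 600.
dropin_text() {
    printf '[Socket]\nSocketMode=0600\n'
}

# audit_live_fifo PATH: report the mode of the FIFO if it exists (Linux stat).
# Always returns 0 so it is safe under `set -e`.
audit_live_fifo() {
    if [ -p "$1" ]; then
        m=$(stat -c '%a' "$1")
        if is_world_writable "$m"; then
            printf '%s mode=%s world-writable=yes\n' "$1" "$m"
        else
            printf '%s mode=%s world-writable=no\n' "$1" "$m"
        fi
    else
        printf '%s not present (socket unit not active on this host)\n' "$1"
    fi
}

printf 'Shipped unit (constructed sample): '
printf '%s\n' "$SAMPLE_UNIT" | audit_unit
printf 'With drop-in applied:              '
{ printf '%s\n' "$SAMPLE_UNIT"; dropin_text; } | audit_unit

# On a systemd host, `systemctl cat` prints the unit plus its drop-ins, so the
# audit sees the effective value. Skipped quietly where systemd is absent.
if command -v systemctl >/dev/null 2>&1; then
    if live=$(systemctl cat "$UNIT_NAME" 2>/dev/null); then
        printf 'Live unit on this host:            '
        printf '%s\n' "$live" | audit_unit
    else
        printf '%s not installed on this host\n' "$UNIT_NAME"
    fi
    audit_live_fifo "$FIFO_PATH"
fi
```

Run it before and after installing the drop-in; the second run should report SocketMode=0600 for the unit and mode=600 for the FIFO. A plain chmod on the FIFO changes only the current file and is lost when /run is repopulated, which is why the override belongs in the unit configuration.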

Weakness Enumeration

Incorrect Permission

Related Identifiers

AZL-64337
AZL-64371
BDU:2025-10929
CVE-2024-11584
OESA-2025-1784
OESA-2025-1785
OESA-2025-1786
OESA-2025-1787
OESA-2025-1788
OPENSUSE-RU-2026:20129-1
OPENSUSE-SU-2025:15376-1
SUSE-RU-2026:20174-1
SUSE-RU-2026:20192-1
SUSE-SU-2025:20656-1
SUSE-SU-2025:20755-1
SUSE-SU-2026:1980-1
USN-7677-1

Affected Products

Debian
Linuxmint
Red Os
Ubuntu
Cloud-Init