CVE-2024-38394

Published: Jun 15, 2024

Modified: Nov 12, 2024

PUBLISHED

Description

Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and filesystem implementations. NOTE: the GSD supplier indicates that consideration of a mitigation for this within GSD would be in the context of "a new feature, not a CVE."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://pulsesecurity.co.nz/advisories/usbguard-bypass

https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780

https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780#note_2047914

https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/tags

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-38394

Description

Affected Products

References