CVE-2024-45770

Published: Sep 19, 2024

Modified: Nov 20, 2025

PUBLISHED

CVSS v3.1

4.4

MEDIUM

Description

A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.

Vendor	Product	Versions
Unknown	pcp	All versions
Red Hat	Red Hat Enterprise Linux 8	unaffected `0:5.3.7-22.el8_10 - < *`
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	unaffected `0:5.0.2-9.el8_2 - < *`
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	unaffected `0:5.2.5-8.el8_4 - < *`
Red Hat	Red Hat Enterprise Linux 8.4 Telecommunications Update Service	unaffected `0:5.2.5-8.el8_4 - < *`
Red Hat	Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	unaffected `0:5.2.5-8.el8_4 - < *`
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	unaffected `0:5.3.5-10.el8_6 - < *`
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	unaffected `0:5.3.5-10.el8_6 - < *`
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	unaffected `0:5.3.5-10.el8_6 - < *`
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	unaffected `0:5.3.7-19.el8_8 - < *`
Red Hat	Red Hat Enterprise Linux 9	unaffected `0:6.2.0-5.el9_4 - < *`
Red Hat	Red Hat Enterprise Linux 9	unaffected `0:6.2.2-7.el9_5 - < *`
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	unaffected `0:5.3.5-10.el9_0 - < *`
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	unaffected `0:6.0.1-8.el9_2 - < *`
Red Hat	Red Hat Enterprise Linux 10	All versions
Red Hat	Red Hat Enterprise Linux 6	All versions
Red Hat	Red Hat Enterprise Linux 7	All versions