CVE-2024-38394
Last modified
CVE-2024-38394 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and filesystem implementations. NOTE: the GSD supplier indicates that consideration of a mitigation for this within GSD would be in the context of "a new feature, not a CVE.". EPSS estimates a 0.32% chance of exploitation in the next 30 days.
Description
Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and filesystem implementations. NOTE: the GSD supplier indicates that consideration of a mitigation for this within GSD would be in the context of "a new feature, not a CVE."
Metrics
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2024-38394?
How severe is CVE-2024-38394?
How do I fix CVE-2024-38394?
Are you affected by CVE-2024-38394?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST