{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T06:00:04.143","vulnerabilities":[{"cve":{"id":"CVE-2024-52336","sourceIdentifier":"secalert@redhat.com","published":"2024-11-26T16:15:17.093","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation."},{"lang":"es","value":"Se identificó una vulnerabilidad de inyección de scripts en el paquete Tuned. La función `instance_create()` de D-Bus puede ser invocada por usuarios que hayan iniciado sesión localmente sin autenticación. Esta falla permite que un usuario local sin privilegios ejecute una llamada de D-Bus con opciones `script_pre` o `script_post` que permiten pasar scripts arbitrarios con sus rutas absolutas. Estos scripts o programas ejecutables controlados por el usuario o el atacante podrían ser ejecutados por Tuned con privilegios de superusuario, lo que podría permitir a los atacantes una escalada de privilegios local."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2024:10384","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:0879","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:0880","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2024-52336","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2324540","source":"secalert@redhat.com"},{"url":"https://security.opensuse.org/2024/11/26/tuned-instance-create.html","source":"secalert@redhat.com"},{"url":"https://www.openwall.com/lists/oss-security/2024/11/28/1","source":"secalert@redhat.com"},{"url":"https://security.opensuse.org/2024/11/26/tuned-instance-create.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.openwall.com/lists/oss-security/2024/11/28/2","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}