Alma Linux: CVE-2024-52337: Important: tuned security update (Multiple Advisories)

Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:C/A:N)
Published: Nov 26, 2024
Added: Dec 4, 2024
Modified: Nov 13, 2025

Description

A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters, so newlines can be inserted into the log. Instead of a string such as 'evil', the attacker could mimic a valid TuneD log line and trick the administrator. TuneD logs usually wrap raw user input in quotes (''), so there will always be a ' character ending the spoofed input, but the administrator can easily overlook it. The logged string is later used in logging and in the output of utilities, for example `tuned-adm get_instances`, or other third-party programs that use Tuned's D-Bus interface for such operations.
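The following added example (not TuneD's code and not its actual fix) shows the mechanism described above and one mitigation: rendering an untrusted argument as a single quoted token with control characters escaped, so one event always produces one log line. The log format, the function names and the sample input are assumptions constructed for illustration.

```python
import io
import logging


def raw_quote(value: str) -> str:
    """Unsafe rendering: wraps untrusted text in quotes without escaping."""
    return "'" + value + "'"


def quote_for_log(value: str) -> str:
    """Render untrusted text as one quoted token that cannot span lines."""
    out = []
    for ch in value:
        if ch in ("\\", "'"):
            out.append("\\" + ch)          # keep the closing quote unambiguous
        elif ch.isprintable():
            out.append(ch)
        else:                               # \n, \r, ESC, U+2028, ...
            cp = ord(ch)
            if cp < 0x100:
                out.append(f"\\x{cp:02x}")
            elif cp < 0x10000:
                out.append(f"\\u{cp:04x}")
            else:
                out.append(f"\\U{cp:08x}")
    return "'" + "".join(out) + "'"


def log_lines(render, instance_name: str) -> list:
    """Log one event through `render` and return the physical lines written."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s demo: %(message)s"))
    logger = logging.Logger("demo")         # standalone, not the root logger
    logger.addHandler(handler)
    logger.info("created instance %s", render(instance_name))
    return buf.getvalue().splitlines()


# Constructed input: a name argument carrying an embedded newline.
SAMPLE = "a\nINFO demo: constructed second line"

if __name__ == "__main__":
    print(log_lines(raw_quote, SAMPLE))      # one event, two lines
    print(log_lines(quote_for_log, SAMPLE))  # one event, one line
```

With the unescaped rendering, the second physical line ends in the stray `'` that the description mentions, which is the only visible hint that it did not come from the daemon.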

Solutions

alma-upgrade-tuned
alma-upgrade-tuned-gtk
alma-upgrade-tuned-ppd
alma-upgrade-tuned-profiles-atomic
alma-upgrade-tuned-profiles-compat
alma-upgrade-tuned-profiles-cpu-partitioning
alma-upgrade-tuned-profiles-mssql
alma-upgrade-tuned-profiles-oracle
alma-upgrade-tuned-profiles-postgresql
alma-upgrade-tuned-profiles-realtime
alma-upgrade-tuned-profiles-spectrumscale
alma-upgrade-tuned-utils
alma-upgrade-tuned-utils-systemtap