CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 4CVE-2024-2746 – Incomplete fix for CVE-2024-1929
https://notcve.org/view.php?id=CVE-2024-2746
08 May 2024 — Incomplete fix for CVE-2024-1929 The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user controlled "plugin". All of this happened before Polkit authentication was even started. The dnf5 library code does not check whether non-root users control the directory in question. On one hand, this poses a Denial-of-Service attack vector by making the daemonoperate ... • https://github.com/xct/CVE-2024-27460 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1929 – Local Root Exploit via Configuration Dictionary
https://notcve.org/view.php?id=CVE-2024-1929
08 May 2024 — Local Root Exploit via Configuration Dictionary in dnf5daemon-server before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary. There are issues with the D-Bus interface long before Polkit is invoked. The `org.rpm.dnf.v0.SessionManager.open_session` method takes a key/value map of configuration entries. A sub-entry in this map, placed under the "config" key, is another key/value map. The configuration values found in it will be forwarded as configuration over... • https://www.openwall.com/lists/oss-security/2024/03/04/2 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1930 – No Limit on Number of Open Sessions / Bad Session Close Behaviour
https://notcve.org/view.php?id=CVE-2024-1930
08 May 2024 — No Limit on Number of Open Sessions / Bad Session Close Behaviour in dnf5daemon-server before 5.1.17 allows a malicious user to impact Availability via No Limit on Number of Open Sessions. There is no limit on how many sessions D-Bus clients may create using the `open_session()` D-Bus method. For each session a thread is created in dnf5daemon-server. This spends a couple of hundred megabytes of memory in the process. Further connections will become impossible, likely because no more threads can be spawned b... • https://www.openwall.com/lists/oss-security/2024/03/04/2 • CWE-400: Uncontrolled Resource Consumption •