CVE-2024-23301 – rear: creates a world-readable initrd

https://notcve.org/view.php?id=CVE-2024-23301

12 Jan 2024 — Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root. Relax-and-Recover (a.k.a ReaR) hasta 2.7 crea un initrd world-readable cuando se usa GRUB_RESCUE=y. Esto permite a los atacantes locales obtener acceso a secretos del sistema que de otro modo sólo serían legibles por root. A vulnerability has been identified in Relax-and-Recover (ReaR), where the use of GRUB_RESCUE=y ... • https://github.com/rear/rear/issues/3122 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •