CVE-2024-6714

Publication date 22 July 2024

Last updated 24 July 2024

Ubuntu priority

Why this priority?

Cvss 3 Severity Score

Score breakdown

An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
provd	24.04 LTS noble	Fixed 0.1.2+24.04
	23.10 mantic	Not in release
	22.04 LTS jammy	Not in release
	20.04 LTS focal	Not in release

Notes

sudhackar

CWE-73

lucistanescu

Remediated by Matthew Gary Hagemann Coordinated by Luci Stanescu

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
provd	Upstream: 8d9086d

Severity score breakdown

Parameter	Value
Base score	8.8 · High
Attack vector	Local
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Changed
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References

Related Ubuntu Security Notices (USN)

USN-6912-1
provd vulnerability
24 July 2024

Other references