Medium severity4.3NVD Advisory· Published Jun 16, 2024· Updated Apr 15, 2026
CVE-2024-38394
CVE-2024-38394
Description
Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and filesystem implementations. NOTE: the GSD supplier indicates that consideration of a mitigation for this within GSD would be in the context of "a new feature, not a CVE."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
12- Range: <=46.0
- osv-coords9 versionspkg:rpm/opensuse/gnome-settings-daemon&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/gnome-settings-daemon&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/gnome-settings-daemon&distro=openSUSE%20Tumbleweedpkg:rpm/suse/gnome-settings-daemon&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/gnome-settings-daemon&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/gnome-settings-daemon&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5pkg:rpm/suse/gnome-settings-daemon&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP6pkg:rpm/suse/gnome-settings-daemon&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/gnome-settings-daemon&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4
< 41.0-150500.4.3.1+ 8 more
- (no CPE)range: < 41.0-150500.4.3.1
- (no CPE)range: < 45.1-150600.3.3.1
- (no CPE)range: < 46.0-5.1
- (no CPE)range: < 41.0-150400.3.3.1
- (no CPE)range: < 41.0-150400.3.3.1
- (no CPE)range: < 41.0-150500.4.3.1
- (no CPE)range: < 45.1-150600.3.3.1
- (no CPE)range: < 41.0-150400.3.3.1
- (no CPE)range: < 41.0-150400.3.3.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.