High severity7.8NVD Advisory· Published Nov 26, 2024· Updated Apr 15, 2026
CVE-2024-52336
CVE-2024-52336
Description
A script injection vulnerability was identified in the Tuned package. The instance_create() D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with script_pre or script_post options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14- osv-coords12 versionspkg:rpm/almalinux/tunedpkg:rpm/almalinux/tuned-gtkpkg:rpm/almalinux/tuned-ppdpkg:rpm/almalinux/tuned-profiles-atomicpkg:rpm/almalinux/tuned-profiles-cpu-partitioningpkg:rpm/almalinux/tuned-profiles-mssqlpkg:rpm/almalinux/tuned-profiles-oraclepkg:rpm/almalinux/tuned-profiles-postgresqlpkg:rpm/almalinux/tuned-profiles-realtimepkg:rpm/almalinux/tuned-profiles-spectrumscalepkg:rpm/almalinux/tuned-utilspkg:rpm/opensuse/tuned&distro=openSUSE%20Tumbleweed
< 2.24.0-2.el9_5.alma.1+ 11 more
- (no CPE)range: < 2.24.0-2.el9_5.alma.1
- (no CPE)range: < 2.24.0-2.el9_5.alma.1
- (no CPE)range: < 2.24.0-2.el9_5.alma.1
- (no CPE)range: < 2.24.0-2.el9_5.alma.1
- (no CPE)range: < 2.24.0-2.el9_5.alma.1
- (no CPE)range: < 2.24.0-2.el9_5.alma.1
- (no CPE)range: < 2.24.0-2.el9_5.alma.1
- (no CPE)range: < 2.24.0-2.el9_5.alma.1
- (no CPE)range: < 2.24.0-2.el9_5.alma.1
- (no CPE)range: < 2.24.0-2.el9_5.alma.1
- (no CPE)range: < 2.24.0-2.el9_5.alma.1
- (no CPE)range: < 2.24.1.0+git.90c24ee-1.1
Patches
Vulnerability mechanics
References
8- access.redhat.com/errata/RHSA-2024:10384nvd
- access.redhat.com/errata/RHSA-2025:0879nvd
- access.redhat.com/errata/RHSA-2025:0880nvd
- access.redhat.com/security/cve/CVE-2024-52336nvd
- bugzilla.redhat.com/show_bug.cginvd
- security.opensuse.org/2024/11/26/tuned-instance-create.htmlnvd
- www.openwall.com/lists/oss-security/2024/11/28/1nvd
- www.openwall.com/lists/oss-security/2024/11/28/2nvd
News mentions
0No linked articles in our index yet.