High severity8.8NVD Advisory· Published Jun 26, 2025· Updated Jun 17, 2026
CVE-2024-6174
CVE-2024-6174
Description
When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10- osv-coords8 versionspkg:rpm/almalinux/cloud-initpkg:rpm/opensuse/cloud-init&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cloud-init&distro=openSUSE%20Tumbleweedpkg:rpm/suse/cloud-init&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/cloud-init&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/cloud-init&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/cloud-init&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/cloud-init&distro=SUSE%20Linux%20Micro%206.2
< 24.4-3.el10_0.2+ 7 more
- (no CPE)range: < 24.4-3.el10_0.2
- (no CPE)range: < 25.1.3-160000.2.1
- (no CPE)range: < 25.1.3-1.1
- (no CPE)range: < 25.1.3-160000.2.1
- (no CPE)range: < 25.1.3-160000.2.1
- (no CPE)range: < 25.1.3-1.1
- (no CPE)range: < 25.1.3-slfo.1.1_1.1
- (no CPE)range: < 25.1.3-160000.2.1
- Canonical/cloud-initv5Range: 0.7.9
Patches
Vulnerability mechanics
References
1- github.com/canonical/cloud-init/releases/tag/25.1.3nvdRelease Notes
News mentions
0No linked articles in our index yet.