Re: Local Privilege Escalations in needrestart –
– [[{“value”:”
Posted by Mark Esler on Nov 27
The security fix for CVE-2024-48991, 6ce6136 (“core: prevent race
condition on /proc/$PID/exec evaluation”) [0], introduced a regression
which was subsequently fixed 42af5d3 (“core: fix regression of false
positives for processes running in chroot or mountns (#317)”) [1].
Many thanks to Ivan Kurnosov and Salvatore Bonaccorso for their review.
[0] https://github.com/liske/needrestart/commit/6ce6136cccc307c6b8a0f8cae12f9a22ac2aad59…
“}]] – Read More – Full Disclosure
