[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-43882":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":28,"aliases":29,"duplicate_of":9,"upstream":30,"downstream":31,"duplicates":140,"related":141,"reserved_at":9,"published_at":170,"modified_at":171,"state":172,"summary":173,"references_raw":182,"kevs":237,"epss":238,"epss_history":241,"metrics":509,"affected":519},"CVE-2024-43882","In the Linux kernel, the following vulnerability has been resolved:\n\nexec: Fix ToCToU between perm check and set-uid/gid usage\n\nWhen opening a file for exec via do_filp_open(), permission checking is\ndone against the file's metadata at that moment, and on success, a file\npointer is passed back. Much later in the execve() code path, the file\nmetadata (specifically mode, uid, and gid) is used to determine if/how\nto set the uid and gid. However, those values may have changed since the\npermissions check, meaning the execution may gain unintended privileges.\n\nFor example, if a file could change permissions from executable and not\nset-id:\n\n---------x 1 root root 16048 Aug  7 13:16 target\n\nto set-id and non-executable:\n\n---S------ 1 root root 16048 Aug  7 13:16 target\n\nit is possible to gain root privileges when execution should have been\ndisallowed.\n\nWhile this race condition is rare in real-world scenarios, it has been\nobserved (and proven exploitable) when package managers are updating\nthe setuid bits of installed programs. Such files start with being\nworld-executable but then are adjusted to be group-exec with a set-uid\nbit. 
For example, \"chmod o-x,u+s target\" makes \"target\" executable only\nby uid \"root\" and gid \"cdrom\", while also becoming setuid-root:\n\n-rwxr-xr-x 1 root cdrom 16048 Aug  7 13:16 target\n\nbecomes:\n\n-rwsr-xr-- 1 root cdrom 16048 Aug  7 13:16 target\n\nBut racing the chmod means users without group \"cdrom\" membership can\nget the permission to execute \"target\" just before the chmod, and when\nthe chmod finishes, the exec reaches bprm_fill_uid(), and performs the\nsetuid to root, violating the expressed authorization of \"only cdrom\ngroup members can setuid to root\".\n\nRe-check that we still have execute permissions in case the metadata\nhas changed. It would be better to keep a copy from the perm-check time,\nbut until we can do that refactoring, the least-bad option is to do a\nfull inode_permission() call (under inode lock). It is understood that\nthis is safe against dead-locks, but hardly optimal.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-367","Time-of-check Time-of-use (TOCTOU) Race Condition","The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.","weakness","Incomplete","Base","Medium",[20,24],{"id":21,"name":22,"techniques":23},"CAPEC-27","Leveraging Race Conditions via Symbolic Links",[],{"id":25,"name":26,"techniques":27},"CAPEC-29","Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race 
Conditions",[],[],[],[],[32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106,108,110,112,114,116,118,120,122,124,126,128,130,132,134,136,138],{"_key":33},"SUSE-SU-2024:3189-1",{"_key":35},"SUSE-SU-2024:3225-1",{"_key":37},"SUSE-SU-2024:3227-1",{"_key":39},"SUSE-SU-2024:3249-1",{"_key":41},"SUSE-SU-2024:3251-1",{"_key":43},"SUSE-SU-2024:3252-1",{"_key":45},"SUSE-SU-2024:3408-1",{"_key":47},"SUSE-SU-2024:3467-1",{"_key":49},"SUSE-SU-2024:3499-1",{"_key":51},"SUSE-SU-2025:01590-1",{"_key":53},"SUSE-SU-2025:01601-1",{"_key":55},"SUSE-SU-2025:01610-1",{"_key":57},"SUSE-SU-2025:01668-1",{"_key":59},"SUSE-SU-2025:01675-1",{"_key":61},"SUSE-SU-2025:01676-1",{"_key":63},"SUSE-SU-2025:01683-1",{"_key":65},"SUSE-SU-2024:3190-1",{"_key":67},"SUSE-SU-2024:3194-1",{"_key":69},"SUSE-SU-2024:3195-1",{"_key":71},"SUSE-SU-2024:3209-1",{"_key":73},"SUSE-SU-2024:3383-1",{"_key":75},"SUSE-SU-2024:3483-1",{"_key":77},"DLA-3912-1",{"_key":79},"DLA-4008-1",{"_key":81},"SUSE-SU-2025:01655-1",{"_key":83},"SUSE-SU-2025:01692-1",{"_key":85},"SUSE-SU-2025:20044-1",{"_key":87},"SUSE-SU-2025:20047-1",{"_key":89},"MGASA-2024-0309",{"_key":91},"MGASA-2024-0310",{"_key":93},"DEBIAN-CVE-2024-43882",{"_key":95},"RHSA-2025:6966",{"_key":97},"LSN-0108-1",{"_key":99},"LSN-0109-1",{"_key":101},"UBUNTU-CVE-2024-43882",{"_key":103},"USN-7120-1",{"_key":105},"USN-7120-2",{"_key":107},"USN-7120-3",{"_key":109},"USN-7088-1",{"_key":111},"USN-7088-2",{"_key":113},"USN-7088-3",{"_key":115},"USN-7088-4",{"_key":117},"USN-7088-5",{"_key":119},"USN-7100-1",{"_key":121},"USN-7100-2",{"_key":123},"USN-7119-1",{"_key":125},"USN-7121-1",{"_key":127},"USN-7121-2",{"_key":129},"USN-7121-3",{"_key":131},"USN-7123-1",{"_key":133},"USN-7144-1",{"_key":135},"USN-7148-1",{"_key":137},"USN-7156-1",{"_key":139},"USN-7194-1",[],[142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169],{"_key":33},{"_key":35},
{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":67},{"_key":69},{"_key":71},{"_key":73},{"_key":75},{"_key":81},{"_key":83},{"_key":85},{"_key":87},{"_key":89},{"_key":91},"2024-08-21T00:10:49.556Z","2026-05-12T11:57:09.220Z","Modified",{"cisa_kev":174,"cisa_ransomware":174,"cisa_vendor":9,"epss_severity":175,"epss_score":176,"severity":177,"severity_score":178,"severity_version":179,"severity_source":180,"severity_vector":181,"severity_status":172},false,"low",0.0003,"high",8.4,"v3.1","cve.org","CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[183,189,193,197,201,205,209,213,217,221,225,229,233],{"url":184,"sources":185,"tags":187},"https://git.kernel.org/stable/c/d5c3c7e26275a2d83b894d30f7582a42853a958f",[180,186],"nvd",[188],"Patch",{"url":190,"sources":191,"tags":192},"https://git.kernel.org/stable/c/368f6985d46657b8b466a421dddcacd4051f7ada",[180,186],[188],{"url":194,"sources":195,"tags":196},"https://git.kernel.org/stable/c/15469d46ba34559bfe7e3de6659115778c624759",[180,186],[188],{"url":198,"sources":199,"tags":200},"https://git.kernel.org/stable/c/9b424c5d4130d56312e2a3be17efb0928fec4d64",[180,186],[188],{"url":202,"sources":203,"tags":204},"https://git.kernel.org/stable/c/f6cfc6bcfd5e1cf76115b6450516ea4c99897ae1",[180,186],[188],{"url":206,"sources":207,"tags":208},"https://git.kernel.org/stable/c/d2a2a4714d80d09b0f8eb6438ab4224690b7121e",[180,186],[188],{"url":210,"sources":211,"tags":212},"https://git.kernel.org/stable/c/90dfbba89ad4f0d9c9744ecbb1adac4aa2ff4f3e",[180,186],[188],{"url":214,"sources":215,"tags":216},"https://git.kernel.org/stable/c/f50733b45d865f91db90919f8311e2127ce5a0cb",[180,186],[188],{"url":218,"sources":219,"tags":220},"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",[180,186],[],{"url":222,"sources":223,"tags":224},"https://lists.debian.org/debian-lts-announce/2024/10/msg00003.h
tml",[180,186],[],{"url":226,"sources":227,"tags":228},"https://cert-portal.siemens.com/productcert/html/ssa-265688.html",[180,186],[],{"url":230,"sources":231,"tags":232},"https://cert-portal.siemens.com/productcert/html/ssa-613116.html",[180,186],[],{"url":234,"sources":235,"tags":236},"https://cert-portal.siemens.com/productcert/html/ssa-355557.html",[180,186],[],[],{"date":239,"score":176,"percentile":240},"2026-06-03",0.09021,[242,246,249,252,255,258,261,264,267,270,273,276,279,282,285,289,292,295,298,301,304,307,310,313,316,319,322,325,328,331,334,337,340,343,346,348,351,354,358,361,364,367,370,373,376,379,381,383,387,390,393,396,399,402,406,409,412,415,418,421,423,426,429,432,435,438,441,444,447,450,452,455,458,461,463,466,469,472,475,478,481,484,487,490,493,496,498,501,504,507],{"date":243,"score":244,"percentile":245},"2025-11-04",0.0002,0.03997,{"date":247,"score":244,"percentile":248},"2025-11-05",0.04002,{"date":250,"score":244,"percentile":251},"2025-11-06",0.04037,{"date":253,"score":244,"percentile":254},"2025-11-07",0.04113,{"date":256,"score":244,"percentile":257},"2025-11-08",0.04116,{"date":259,"score":244,"percentile":260},"2025-11-09",0.04115,{"date":262,"score":244,"percentile":263},"2025-11-10",0.041,{"date":265,"score":244,"percentile":266},"2025-11-11",0.04137,{"date":268,"score":244,"percentile":269},"2025-11-12",0.04166,{"date":271,"score":244,"percentile":272},"2025-11-13",0.04195,{"date":274,"score":244,"percentile":275},"2025-11-14",0.04205,{"date":277,"score":244,"percentile":278},"2025-11-15",0.04244,{"date":280,"score":244,"percentile":281},"2025-11-16",0.04251,{"date":283,"score":244,"percentile":284},"2025-11-17",0.04246,{"date":286,"score":287,"percentile":288},"2025-11-18",0.00061,0.14577,{"date":290,"score":287,"percentile":291},"2025-11-19",0.14594,{"date":293,"score":287,"percentile":294},"2025-11-20",0.14606,{"date":296,"score":244,"percentile":297},"2025-11-21",0.04287,{"date":299,"score":244,"percentile":300},"2025-11-22",0
.04292,{"date":302,"score":244,"percentile":303},"2025-11-23",0.04289,{"date":305,"score":244,"percentile":306},"2025-11-24",0.04263,{"date":308,"score":244,"percentile":309},"2025-11-25",0.04266,{"date":311,"score":244,"percentile":312},"2025-11-26",0.04312,{"date":314,"score":244,"percentile":315},"2025-11-27",0.0433,{"date":317,"score":244,"percentile":318},"2025-11-28",0.04314,{"date":320,"score":244,"percentile":321},"2025-11-29",0.04369,{"date":323,"score":244,"percentile":324},"2025-11-30",0.04372,{"date":326,"score":244,"percentile":327},"2025-12-01",0.04466,{"date":329,"score":244,"percentile":330},"2025-12-02",0.04481,{"date":332,"score":244,"percentile":333},"2025-12-03",0.045,{"date":335,"score":244,"percentile":336},"2025-12-04",0.04446,{"date":338,"score":244,"percentile":339},"2025-12-05",0.04517,{"date":341,"score":244,"percentile":342},"2025-12-06",0.04529,{"date":344,"score":244,"percentile":345},"2025-12-07",0.04531,{"date":347,"score":244,"percentile":342},"2025-12-08",{"date":349,"score":244,"percentile":350},"2025-12-09",0.04578,{"date":352,"score":244,"percentile":353},"2025-12-10",0.04621,{"date":355,"score":356,"percentile":357},"2025-12-11",0.00019,0.04085,{"date":359,"score":356,"percentile":360},"2025-12-12",0.04097,{"date":362,"score":356,"percentile":363},"2025-12-13",0.04123,{"date":365,"score":356,"percentile":366},"2025-12-14",0.04108,{"date":368,"score":356,"percentile":369},"2025-12-15",0.04061,{"date":371,"score":356,"percentile":372},"2025-12-16",0.04073,{"date":374,"score":356,"percentile":375},"2025-12-17",0.04127,{"date":377,"score":356,"percentile":378},"2025-12-18",0.04326,{"date":380,"score":356,"percentile":312},"2025-12-19",{"date":382,"score":356,"percentile":312},"2025-12-20",{"date":384,"score":385,"percentile":386},"2025-12-21",0.00021,0.04889,{"date":388,"score":385,"percentile":389},"2025-12-22",0.04822,{"date":391,"score":385,"percentile":392},"2025-12-23",0.04834,{"date":394,"score":385,"percentile":395},"2025-12-
24",0.04856,{"date":397,"score":385,"percentile":398},"2025-12-25",0.04891,{"date":400,"score":244,"percentile":401},"2025-12-26",0.04731,{"date":403,"score":404,"percentile":405},"2025-12-27",0.00027,0.06975,{"date":407,"score":244,"percentile":408},"2025-12-28",0.04724,{"date":410,"score":244,"percentile":411},"2025-12-29",0.04718,{"date":413,"score":244,"percentile":414},"2025-12-30",0.04658,{"date":416,"score":244,"percentile":417},"2025-12-31",0.04676,{"date":419,"score":244,"percentile":420},"2026-01-01",0.04754,{"date":422,"score":244,"percentile":420},"2026-01-02",{"date":424,"score":244,"percentile":425},"2026-01-03",0.04739,{"date":427,"score":244,"percentile":428},"2026-01-04",0.04637,{"date":430,"score":244,"percentile":431},"2026-01-05",0.04574,{"date":433,"score":244,"percentile":434},"2026-01-06",0.04571,{"date":436,"score":244,"percentile":437},"2026-01-07",0.04589,{"date":439,"score":244,"percentile":440},"2026-01-08",0.04618,{"date":442,"score":244,"percentile":443},"2026-01-09",0.04617,{"date":445,"score":244,"percentile":446},"2026-01-10",0.04624,{"date":448,"score":244,"percentile":449},"2026-01-11",0.04609,{"date":451,"score":244,"percentile":353},"2026-01-12",{"date":453,"score":244,"percentile":454},"2026-01-13",0.04612,{"date":456,"score":244,"percentile":457},"2026-01-14",0.04656,{"date":459,"score":244,"percentile":460},"2026-01-15",0.04565,{"date":462,"score":244,"percentile":345},"2026-01-16",{"date":464,"score":244,"percentile":465},"2026-01-17",0.0453,{"date":467,"score":244,"percentile":468},"2026-01-18",0.04515,{"date":470,"score":244,"percentile":471},"2026-01-19",0.04468,{"date":473,"score":244,"percentile":474},"2026-01-20",0.04424,{"date":476,"score":244,"percentile":477},"2026-01-21",0.04414,{"date":479,"score":244,"percentile":480},"2026-01-22",0.04399,{"date":482,"score":244,"percentile":483},"2026-01-23",0.04448,{"date":485,"score":244,"percentile":486},"2026-01-24",0.04492,{"date":488,"score":244,"percentile":489},"2026-01-2
5",0.04488,{"date":491,"score":244,"percentile":492},"2026-01-26",0.04474,{"date":494,"score":244,"percentile":495},"2026-01-27",0.04464,{"date":497,"score":244,"percentile":483},"2026-01-28",{"date":499,"score":244,"percentile":500},"2026-01-29",0.04465,{"date":502,"score":244,"percentile":503},"2026-01-30",0.04471,{"date":505,"score":244,"percentile":506},"2026-01-31",0.0445,{"date":508,"score":244,"percentile":460},"2026-02-01",[510,515],{"source":180,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":511,"cvss_v4_0":9},{"baseScore":178,"baseSeverity":512,"vectorString":181,"impactScore":513,"exploitabilityScore":514},"HIGH",9.8,6.4,{"source":186,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":516,"cvss_v4_0":9},{"baseScore":4,"baseSeverity":512,"vectorString":517,"impactScore":513,"exploitabilityScore":518},"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",2.6,[520,555],{"ecosystem":9,"name":521,"vendor":522,"product":522,"cpe_part":523,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":524},"Linux","linux","a",[525,532,535,538,541,544,547,550,553],{"version":526,"is_range":527,"range_type":180,"version_start":528,"version_start_type":529,"version_end":530,"version_end_type":531,"fixed_in":9},">= 9167b0b9a0ab7907191523f5a0528e3b9c288e21, \u003C d5c3c7e26275a2d83b894d30f7582a42853a958f",true,"9167b0b9a0ab7907191523f5a0528e3b9c288e21","including","d5c3c7e26275a2d83b894d30f7582a42853a958f","excluding",{"version":533,"is_range":527,"range_type":180,"version_start":528,"version_start_type":529,"version_end":534,"version_end_type":531,"fixed_in":9},">= 9167b0b9a0ab7907191523f5a0528e3b9c288e21, \u003C 368f6985d46657b8b466a421dddcacd4051f7ada","368f6985d46657b8b466a421dddcacd4051f7ada",{"version":536,"is_range":527,"range_type":180,"version_start":528,"version_start_type":529,"version_end":537,"version_end_type":531,"fixed_in":9},">= 9167b0b9a0ab7907191523f5a0528e3b9c288e21, \u003C 
15469d46ba34559bfe7e3de6659115778c624759","15469d46ba34559bfe7e3de6659115778c624759",{"version":539,"is_range":527,"range_type":180,"version_start":528,"version_start_type":529,"version_end":540,"version_end_type":531,"fixed_in":9},">= 9167b0b9a0ab7907191523f5a0528e3b9c288e21, \u003C 9b424c5d4130d56312e2a3be17efb0928fec4d64","9b424c5d4130d56312e2a3be17efb0928fec4d64",{"version":542,"is_range":527,"range_type":180,"version_start":528,"version_start_type":529,"version_end":543,"version_end_type":531,"fixed_in":9},">= 9167b0b9a0ab7907191523f5a0528e3b9c288e21, \u003C f6cfc6bcfd5e1cf76115b6450516ea4c99897ae1","f6cfc6bcfd5e1cf76115b6450516ea4c99897ae1",{"version":545,"is_range":527,"range_type":180,"version_start":528,"version_start_type":529,"version_end":546,"version_end_type":531,"fixed_in":9},">= 9167b0b9a0ab7907191523f5a0528e3b9c288e21, \u003C d2a2a4714d80d09b0f8eb6438ab4224690b7121e","d2a2a4714d80d09b0f8eb6438ab4224690b7121e",{"version":548,"is_range":527,"range_type":180,"version_start":528,"version_start_type":529,"version_end":549,"version_end_type":531,"fixed_in":9},">= 9167b0b9a0ab7907191523f5a0528e3b9c288e21, \u003C 90dfbba89ad4f0d9c9744ecbb1adac4aa2ff4f3e","90dfbba89ad4f0d9c9744ecbb1adac4aa2ff4f3e",{"version":551,"is_range":527,"range_type":180,"version_start":528,"version_start_type":529,"version_end":552,"version_end_type":531,"fixed_in":9},">= 9167b0b9a0ab7907191523f5a0528e3b9c288e21, \u003C f50733b45d865f91db90919f8311e2127ce5a0cb","f50733b45d865f91db90919f8311e2127ce5a0cb",{"version":554,"is_range":174,"range_type":180,"version_start":554,"version_start_type":529,"version_end":554,"version_end_type":529,"fixed_in":9},"2.6.18",{"ecosystem":9,"name":556,"vendor":522,"product":557,"cpe_part":558,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":559},"linux 
kernel","linux_kernel","o",[560,564,568,572,576,580,584,588,590,592],{"version":561,"is_range":527,"range_type":562,"version_start":9,"version_start_type":9,"version_end":563,"version_end_type":531,"fixed_in":9},"lt4.19.320","cpe","4.19.320",{"version":565,"is_range":527,"range_type":562,"version_start":566,"version_start_type":529,"version_end":567,"version_end_type":531,"fixed_in":9},"gte4.20_lt5.4.282","4.20","5.4.282",{"version":569,"is_range":527,"range_type":562,"version_start":570,"version_start_type":529,"version_end":571,"version_end_type":531,"fixed_in":9},"gte5.5_lt5.10.224","5.5","5.10.224",{"version":573,"is_range":527,"range_type":562,"version_start":574,"version_start_type":529,"version_end":575,"version_end_type":531,"fixed_in":9},"gte5.11_lt5.15.165","5.11","5.15.165",{"version":577,"is_range":527,"range_type":562,"version_start":578,"version_start_type":529,"version_end":579,"version_end_type":531,"fixed_in":9},"gte5.16_lt6.1.106","5.16","6.1.106",{"version":581,"is_range":527,"range_type":562,"version_start":582,"version_start_type":529,"version_end":583,"version_end_type":531,"fixed_in":9},"gte6.2_lt6.6.47","6.2","6.6.47",{"version":585,"is_range":527,"range_type":562,"version_start":586,"version_start_type":529,"version_end":587,"version_end_type":531,"fixed_in":9},"gte6.7_lt6.10.6","6.7","6.10.6",{"version":589,"is_range":174,"range_type":562,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.11:rc1",{"version":591,"is_range":174,"range_type":562,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.11:rc2",{"version":593,"is_range":174,"range_type":562,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.11:rc3"]