CVE & CISA-KEV Catalog

CVE-2024-52336

HIGH
7.8
CVSS v3
NVD

Description

A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.

How to fix

Remediation Available
tunedDebian
Fixed in:2.24.1-1CVE-2024-52336
Fixed in:2.24.1-1CVE-2024-52336
tunedRocky
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
tunedRed Hat / RHEL
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
tuned-gtkRed Hat / RHEL
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
tuned-gtkRocky
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
tuned-ppdRed Hat / RHEL
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
tuned-ppdRocky
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
tuned-profiles-atomicRed Hat / RHEL
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
tuned-profiles-atomicRocky
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
tuned-profiles-compatRed Hat / RHEL
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
tuned-profiles-compatRocky
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
tuned-profiles-cpu-partitioningRocky
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
tuned-profiles-cpu-partitioningRed Hat / RHEL
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
tuned-profiles-mssqlRocky
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
tuned-profiles-mssqlRed Hat / RHEL
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
tuned-profiles-nfvRed Hat / RHEL
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
tuned-profiles-nfvRocky
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
tuned-profiles-nfv-guestRocky
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
tuned-profiles-nfv-guestRed Hat / RHEL
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
tuned-profiles-nfv-hostRocky
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
tuned-profiles-nfv-hostRed Hat / RHEL
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
tuned-profiles-openshiftRed Hat / RHEL
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
tuned-profiles-openshiftRocky
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
tuned-profiles-oracleRed Hat / RHEL
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
tuned-profiles-oracleRocky
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
tuned-profiles-postgresqlRocky
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
tuned-profiles-postgresqlRed Hat / RHEL
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
tuned-profiles-realtimeRed Hat / RHEL
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
tuned-profiles-realtimeRocky
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
tuned-profiles-sapRed Hat / RHEL
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
tuned-profiles-sapRocky
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
tuned-profiles-sap-hanaRocky
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
tuned-profiles-sap-hanaRed Hat / RHEL
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
tuned-profiles-spectrumscaleRed Hat / RHEL
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
tuned-profiles-spectrumscaleRocky
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
tuned-utilsRed Hat / RHEL
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
tuned-utilsRocky
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
Fixed in:0:2.24.0-2.el9_5RHSA-2024:10384
tuned-utils-systemtapRocky
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879
tuned-utils-systemtapRed Hat / RHEL
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el8fdpRHSA-2025:0880
Fixed in:0:2.24.0-2.1.20240819gitc082797f.el9fdpRHSA-2025:0879

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

0.29%probability of exploitation in 30 days
20thpercentile

Low risk: more likely to be exploited than 20% of all known CVEs.

References

Related Vulnerabilities

Other CWE-269 (Improper Privilege Management) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2017-12635Critical9.8100%-Fix
CVE-2022-24637Critical9.899%-Fix
CVE-2017-5689Critical9.892%KEVFix
CVE-2020-3243Critical9.888%--
CVE-2024-21888High8.887%--
CVE-2022-0441Critical9.885%-Fix
Embed a live status badge for CVE-2024-52336
CVE-2024-52336 severity badge

Markdown

[![CVE-2024-52336](https://tridentstack.com/cve/badge/CVE-2024-52336.svg)](https://tridentstack.com/cve/CVE-2024-52336)

HTML

<a href="https://tridentstack.com/cve/CVE-2024-52336"><img src="https://tridentstack.com/cve/badge/CVE-2024-52336.svg" alt="CVE-2024-52336"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-06-26.