1218728 – (CVE-2024-23301) VUL-0: CVE-2024-23301: rear: GRUB_RESCUE=Y creates world-readable initrd

Bug 1218728 (CVE-2024-23301) - VUL-0: CVE-2024-23301: rear: GRUB_RESCUE=Y creates world-readable initrd

Summary: VUL-0: CVE-2024-23301: rear: GRUB_RESCUE=Y creates world-readable initrd

Status:	RESOLVED FIXED

Alias:	CVE-2024-23301

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	x86-64 SLES 15

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/390872
Whiteboard:	CVSSv3.1:SUSE:CVE-2024-23301:7.8:(AV:...
Keywords:

Depends on:	1211055 1218541
Blocks:
	Show dependency tree / graph

Clone This Bug

Reported:	2024-01-11 13:22 UTC by Marcus Meissner
Modified:	2024-05-17 08:46 UTC (History)
CC List:	11 users (show)

See Also:
Found By:	Customer
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2024-01-11 13:22:16 UTC

+++ This bug was initially created as a clone of Bug #1218541 +++

As found by a SUSE customer, "rear" creates a world-readable (permissions 0644) initrd when run with GRUB_RESCUE=Y. This can be an issue if the initrd contains sensitive information, otherwise only readable by root.


I requested a CVE.

Comment 1 Johannes Meixner 2024-01-12 07:06:32 UTC

ReaR upstream fix:
https://github.com/rear/rear/pull/3123/files

Comment 2 Johannes Meixner 2024-01-12 07:11:44 UTC

The ReaR upstream fix merge commmit
https://github.com/rear/rear/commit/89b61793d80bc2cb2abe47a7d0549466fb087d16
message shows an example how the ReaR recovery system
in ReaR's initrd can contain secrets when certain things
are explicitly configured by the user:
---------------------------------------------------------------
In pack/GNU/Linux/900_create_initramfs.sh call
chmod 0600 "$TMP_DIR/$REAR_INITRD_FILENAME"
to let only 'root' access the ReaR initrd because
the ReaR recovery system in the initrd can contain secrets
(not by default but when certain things are explicitly
configured by the user like SSH keys without passphrase)
---------------------------------------------------------------

Comment 4 Marcus Meissner 2024-01-13 10:45:12 UTC

use CVE-2024-23301

Comment 17 Maintenance Automation 2024-01-18 12:30:53 UTC

SUSE-SU-2024:0135-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1218728
CVE References: CVE-2024-23301
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): rear27a-2.7-8.6.1
SUSE Linux Enterprise High Availability Extension 12 SP5 (src): rear27a-2.7-8.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 18 Maintenance Automation 2024-01-18 16:30:21 UTC

SUSE-SU-2024:0148-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1218728
CVE References: CVE-2024-23301
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): rear23a-2.3.a-3.9.1
SUSE Linux Enterprise High Availability Extension 12 SP5 (src): rear23a-2.3.a-3.9.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 24 Johannes Meixner 2024-01-22 07:18:32 UTC

Fixed 'rear' in OBS Archiving and forwarded to openSUSE:Factory
------------------------------------------------------------------
# osc request accept -m "Security fix CVE-2024-23301 \
 bsc#1218728 for rear" 1140363

Result of change request state: ok
openSUSE:Factory 
Forward this submit to it? ([y]/n)y
Security fix CVE-2024-23301 bsc#1218728 for rear
 (forwarded request 1140363 from jsmeix)
New request # 1140364
------------------------------------------------------------------

Comment 25 OBSbugzilla Bot 2024-01-22 09:35:02 UTC

This is an autogenerated message for OBS integration:
This bug (1218728) was mentioned in
https://build.opensuse.org/request/show/1140364 Factory / rear

Comment 26 Johannes Meixner 2024-01-23 10:14:31 UTC

The fix for openSUSE:Factory
https://build.opensuse.org/request/show/1140364
is accepted.

Comment 27 Maintenance Automation 2024-01-23 20:30:54 UTC

SUSE-SU-2024:0190-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1218728
CVE References: CVE-2024-23301
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): rear118a-1.18.a-9.3.1
SUSE Linux Enterprise High Availability Extension 12 SP5 (src): rear118a-1.18.a-9.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 28 Maintenance Automation 2024-01-26 12:30:08 UTC

SUSE-SU-2024:0239-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1218728
CVE References: CVE-2024-23301
Sources used:
SUSE Linux Enterprise High Availability Extension 15 SP1 (src): rear23a-2.3.a-150000.9.9.1
SUSE Linux Enterprise High Availability Extension 15 SP2 (src): rear23a-2.3.a-150000.9.9.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 29 Maintenance Automation 2024-01-26 16:30:02 UTC

SUSE-SU-2024:0253-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1218728
CVE References: CVE-2024-23301
Sources used:
SUSE Linux Enterprise High Availability Extension 15 SP3 (src): rear27a-2.7-150200.5.6.1
SUSE Linux Enterprise High Availability Extension 15 SP4 (src): rear27a-2.7-150200.5.6.1
SUSE Linux Enterprise High Availability Extension 15 SP2 (src): rear27a-2.7-150200.5.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 30 Maintenance Automation 2024-01-26 16:30:29 UTC

SUSE-SU-2024:0247-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1218728
CVE References: CVE-2024-23301
Sources used:
openSUSE Leap 15.3 (src): rear23a-2.3.a-150300.21.3.1
openSUSE Leap 15.5 (src): rear23a-2.3.a-150300.21.3.1
SUSE Linux Enterprise High Availability Extension 15 SP3 (src): rear23a-2.3.a-150300.21.3.1
SUSE Linux Enterprise High Availability Extension 15 SP4 (src): rear23a-2.3.a-150300.21.3.1
SUSE Linux Enterprise High Availability Extension 15 SP5 (src): rear23a-2.3.a-150300.21.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 31 Maintenance Automation 2024-01-31 16:30:01 UTC

SUSE-SU-2024:0292-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1218728
CVE References: CVE-2024-23301
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): rear1172a-1.17.2.a-5.3.1
SUSE Linux Enterprise High Availability Extension 12 SP5 (src): rear1172a-1.17.2.a-5.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 32 Maintenance Automation 2024-01-31 16:30:03 UTC

SUSE-SU-2024:0291-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1218728
CVE References: CVE-2024-23301
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): rear116-1.16-15.3.1
SUSE Linux Enterprise High Availability Extension 12 SP5 (src): rear116-1.16-15.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 41 Maintenance Automation 2024-02-28 16:30:07 UTC

SUSE-SU-2024:0657-1: An update that solves one vulnerability and has one security fix can now be installed.

Category: security (important)
Bug References: 1202352, 1218728
CVE References: CVE-2024-23301
Sources used:
openSUSE Leap 15.5 (src): rear27a-2.7-150500.3.3.1
SUSE Linux Enterprise High Availability Extension 15 SP5 (src): rear27a-2.7-150500.3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 42 Andrea Mattiazzo 2024-05-17 08:46:54 UTC

All done, closing.