CVE-2024-22029

Summary

Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root

Affected Software

VendorProductVersion RangeStatus
SUSEContainer suse/manager/5.0/x86_64/server:5.0.0-beta1.2.122? < 9.0.85-150200.57.1affected
SUSESUSE Enterprise Storage 7.1? < 9.0.85-150200.57.1affected
SUSESUSE Linux Enterprise High Performance Computing 15 SP2-LTSS? < 9.0.85-150200.57.1affected
SUSESUSE Linux Enterprise High Performance Computing 15 SP3-LTSS? < 9.0.85-150200.57.1affected
SUSESUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS? < 9.0.85-150200.57.1affected
SUSESUSE Linux Enterprise High Performance Computing 15 SP4-LTSS? < 9.0.85-150200.57.1affected
SUSESUSE Linux Enterprise High Performance Computing 15 SP5? < 9.0.85-150200.57.1affected
SUSESUSE Linux Enterprise Module for Web and Scripting 15 SP5? < 9.0.85-150200.57.1affected
SUSESUSE Linux Enterprise Server 15 SP5? < 9.0.85-150200.57.1affected
SUSESUSE Linux Enterprise Server for SAP Applications 15 SP5? < 9.0.85-150200.57.1affected
SUSESUSE Linux Enterprise High Performance Computing 15 SP6? < 9.0.85-150200.57.1affected
SUSESUSE Linux Enterprise Module for Web and Scripting 15 SP6? < 9.0.85-150200.57.1affected
SUSESUSE Linux Enterprise Server 15 SP6? < 9.0.85-150200.57.1affected
SUSESUSE Linux Enterprise Server for SAP Applications 15 SP6? < 9.0.85-150200.57.1affected
SUSESUSE Linux Enterprise Server 15 SP2-LTSS? < 9.0.85-150200.57.1affected
SUSESUSE Linux Enterprise Server 15 SP3-LTSS? < 9.0.85-150200.57.1affected
SUSESUSE Linux Enterprise Server 15 SP4-LTSS? < 9.0.85-150200.57.1affected
SUSESUSE Linux Enterprise Server for SAP Applications 15 SP2? < 9.0.85-150200.57.1affected
SUSESUSE Linux Enterprise Server for SAP Applications 15 SP3? < 9.0.85-150200.57.1affected
SUSESUSE Linux Enterprise Server for SAP Applications 15 SP4? < 9.0.85-150200.57.1affected
SUSESUSE Manager Server 4.3? < 9.0.85-150200.57.1affected
SUSEopenSUSE Leap 15.5? < 9.0.85-150200.57.1affected
SUSEopenSUSE Tumbleweed? < 9.0.85-3.1affected

Weaknesses

  • CWE-732: CWE-732: Incorrect Permission Assignment for Critical Resource

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References