Security Advisory

CVE-2024-11584

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-06-26 09:25:20

Last updated 2025-06-26 19:14:46

Assigner canonical

State PUBLISHED

Description

cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands.

← Browse all CVEs View on cve.org ↗