Security Advisory

CVE-2024-48992

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-11-19 17:38:22

Last updated 2025-11-03 22:22:13

Assigner canonical

State PUBLISHED

Description

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable.

← Browse all CVEs View on cve.org ↗