Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2024-38394

Published: 16 June 2024

** DISPUTED ** Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and filesystem implementations. NOTE: the GSD supplier indicates that consideration of a mitigation for this within GSD would be in the context of "a new feature, not a CVE."

Notes

AuthorNote
mdeslaur
as of 2024-06-17, there is no fix from gnome-settings-daemon
as they don't believe that is the proper place to address this
issue. Deferring this CVE for now.

Priority

Medium

Status

Package Release Status
gnome-settings-daemon
Launchpad, Ubuntu, Debian
bionic Deferred
(2024-06-17)
focal Deferred
(2024-06-17)
jammy Deferred
(2024-06-17)
mantic Ignored
(end of life, was deferred [2024-06-17])
noble Deferred
(2024-06-17)
upstream Needs triage

xenial Deferred
(2024-06-17)