Linux needrestart CVE-2024-48990

tocguy · November 22, 2024, 6:48pm

Didn't find this CVE on the site. What is the vulnerability of OpenWRT with respect to this just discovered CVE and related CVEs. Has to do with the built-in needrestart process and exploiting a Python path env variable during library updates that re-directs the path to run malware.
new critical linux exploit has been hiding for 10 years

CVE-2024-48990
CVE-2024-48991
CVE-2024-48992
CVE-2024-10224
CVE-2024-11003

brada4 · November 22, 2024, 6:59pm

Detailed info:

OpenWRT does not contain Ubuntu software in question.

mk24 · November 22, 2024, 7:00pm

OpenWrt's update management is not Python based. Python itself is an optional package that is not going to be installed for almost all users.

system · December 2, 2024, 7:01pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.