VDB
CISA-2024-6126
CISA-2024-6126
PUBLISHED
CVSS 3.2 LOW
Reported by redhat · Published July 3, 2024
A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.
Risk Scores
CVSS 3.1
3.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Enterprise Linux 9 | 0:323.1-1.el9_5 |
| Red Hat | Red Hat Enterprise Linux 9 | 0:323.1-1.el9_5 |
| Red Hat | Red Hat Enterprise Linux 10 | |
| Red Hat | Red Hat Enterprise Linux 7 | |
| Red Hat | Red Hat Enterprise Linux 8 | |
| Red Hat | Red Hat Enterprise Linux 10 | |
| Red Hat | Red Hat Enterprise Linux 9 | 0:323.1-1.el9_5, 0:323.1-1.el9_5, 0:323.1-1.el9_5 |
| Red Hat | Red Hat Enterprise Linux 7 | |
| Red Hat | Red Hat Enterprise Linux 8 |
Timeline
- Jul 3, 2024 CVE Published
- Nov 21, 2025 CVE Updated
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Security Advisory
References
- RHSA-2024:9325 vendor-advisoryx_refsource_REDHAT
- vdb-entryx_refsource_REDHAT
- RHBZ#2292897 issue-trackingx_refsource_REDHAT