VDB

CISA-2024-6126

CISA-2024-6126 PUBLISHED CVSS 3.2 LOW

Reported by redhat · Published July 3, 2024

A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.

Risk Scores

CVSS 3.1
3.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L

Affected Products

VendorProductVersions
Red HatRed Hat Enterprise Linux 90:323.1-1.el9_5
Red HatRed Hat Enterprise Linux 90:323.1-1.el9_5
Red HatRed Hat Enterprise Linux 10
Red HatRed Hat Enterprise Linux 7
Red HatRed Hat Enterprise Linux 8
Red HatRed Hat Enterprise Linux 10
Red HatRed Hat Enterprise Linux 90:323.1-1.el9_5, 0:323.1-1.el9_5, 0:323.1-1.el9_5
Red HatRed Hat Enterprise Linux 7
Red HatRed Hat Enterprise Linux 8

Timeline

  • Jul 3, 2024 CVE Published
  • Nov 21, 2025 CVE Updated
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Security Advisory

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›