{"id":"AZL-64337","summary":"CVE-2024-11584 affecting package cloud-init for versions less than 24.3.1-2","details":"cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the \"/run/cloud-init/hook-hotplug-cmd\" FIFO. An unprivileged user could trigger hotplug-hook commands.","modified":"2026-04-21T04:32:21.840078Z","published":"2025-06-26T10:15:24Z","upstream":["CVE-2024-11584"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-11584"}],"affected":[{"package":{"name":"cloud-init","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/cloud-init"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.3.1-2"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64337.json"}}],"schema_version":"1.7.5"}