{"id":"CVE-2024-23301","details":"Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.","modified":"2026-04-16T04:31:38.307089017Z","published":"2024-01-12T23:15:10.030Z","related":["ALSA-2024:1147","ALSA-2024:1719","SUSE-SU-2024:0135-1","SUSE-SU-2024:0148-1","SUSE-SU-2024:0190-1","SUSE-SU-2024:0239-1","SUSE-SU-2024:0247-1","SUSE-SU-2024:0253-1","SUSE-SU-2024:0291-1","SUSE-SU-2024:0292-1","SUSE-SU-2024:0657-1","openSUSE-SU-2024:13612-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7JIN57LUPBI2GDJOK3PYXNHJTZT3AQTZ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHKMPXJNXEJJE6EVYE5HM7EKEJFQMBN7/"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/02/msg00003.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JIN57LUPBI2GDJOK3PYXNHJTZT3AQTZ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHKMPXJNXEJJE6EVYE5HM7EKEJFQMBN7/"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/12/msg00011.html"},{"type":"FIX","url":"https://github.com/rear/rear/issues/3122"},{"type":"FIX","url":"https://github.com/rear/rear/pull/3123"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rear/rear","events":[{"introduced":"0"},{"last_affected":"91e671557b4edd0b750582fc4b0b14f0588dc0e9"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.7"}]}}],"versions":["1.13.0","1.14","1.15","1.16","1.16.1","1.17.0","1.17.1","1.17.2","1.18","1.19","2.00","2.2","2.3","2.4","2.5","2.6","2.7","rear-1.13.0","rear-1.14","rear-1.15","rear-1.16","rear-1.16.1","rear-1.17.0","rear-1.17.1","rear-1.17.2","rear-1.18","rear-1.19","rear-2.00","rear-2.2","rear-2.3","rear-2.5","rear-2.6","rear-2.7","rear-2.xx"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23301.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"15.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"39"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}