{"id":"CVE-2024-28085","details":"wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.","modified":"2026-04-02T10:08:04.566684Z","published":"2024-03-27T19:15:48.367Z","related":["GHSA-xv2h-c6ww-mrjq","MGASA-2024-0112","SUSE-SU-2024:1106-1","SUSE-SU-2024:1169-1","SUSE-SU-2024:1170-1","SUSE-SU-2024:1171-1","SUSE-SU-2024:1172-1","SUSE-SU-2024:1943-1","SUSE-SU-2025:20003-1","SUSE-SU-2025:20304-1","openSUSE-SU-2024:14523-1"],"references":[{"type":"WEB","url":"https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2024/Mar/35"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2024/03/28/2"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240531-0003/"},{"type":"ADVISORY","url":"https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2024/03/27/6"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html"},{"type":"ADVISORY","url":"https://www.openwall.com/lists/oss-security/2024/03/27/5"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2024/03/28/3"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2024/03/28/1"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2024/03/27/7"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2024/03/27/8"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2024/03/27/9"},{"type":"EVIDENCE","url":"http://www.openwall.com/lists/oss-security/2024/03/27/5"},{"type":"EVIDENCE","url":"https://github.com/skyler-ferrante/CVE-2024-28085"},{"type":"EVIDENCE","url":"https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/karelzak/util-linux","events":[{"introduced":"bad3c52f0b2dd97e70a5c92edcc7f67dceeb4ba1"},{"fixed":"8230dec4c50810065403eefe3c8cda475976e3eb"}],"database_specific":{"versions":[{"introduced":"2.24"},{"fixed":"2.39.4"}]}}],"versions":["v2.24","v2.24.1","v2.24.2","v2.25","v2.25-rc1","v2.25-rc2","v2.25.1","v2.25.1-rc1","v2.25.2","v2.26","v2.26-rc1","v2.26-rc2","v2.26.1","v2.26.2","v2.27","v2.27-rc1","v2.27-rc2","v2.27.1","v2.28","v2.28-rc1","v2.28-rc2","v2.28.1","v2.28.2","v2.29","v2.29-rc1","v2.29-rc2","v2.29.1","v2.29.2","v2.30","v2.30-rc1","v2.30-rc2","v2.30.1","v2.30.2","v2.31","v2.31-rc1","v2.31-rc2","v2.31.1","v2.32","v2.32-rc1","v2.32-rc2","v2.32.1","v2.33","v2.33-rc1","v2.33-rc2","v2.33.1","v2.33.2","v2.34","v2.34-rc1","v2.34-rc2","v2.35","v2.35-rc1","v2.35-rc2","v2.35.1","v2.35.2","v2.36","v2.36-rc1","v2.36-rc2","v2.36.1","v2.36.2","v2.37","v2.37-rc1","v2.37-rc2","v2.37.1","v2.37.2","v2.37.3","v2.37.4","v2.38","v2.38-rc1","v2.38-rc2","v2.38-rc3","v2.38-rc4","v2.38.1","v2.39","v2.39-rc1","v2.39-rc2","v2.39-rc3","v2.39.1","v2.39.2","v2.39.3","v2.40","v2.40-rc1","v2.40-rc2","v2.40.1","v2.40.1-rc1","v2.40.2","v2.40.3","v2.40.4","v2.41","v2.41-devel","v2.41-rc1","v2.41-rc2","v2.41-start","v2.41.1","v2.41.2","v2.41.2-rc1","v2.41.3","v2.41.4","v2.42","v2.42-rc1","v2.42-rc2","v2.42-start","v2.43-devel"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28085.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}]}