{"id":"CVE-2024-52337","details":"A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations.","modified":"2026-04-10T05:15:05.297681Z","published":"2024-11-26T16:15:17Z","related":["ALSA-2024:10384","ALSA-2024:11161","openSUSE-SU-2024:14605-1"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:10381"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:10384"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:11161"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:0195"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:0327"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:0368"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:0879"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:0880"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:0881"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:1785"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:1802"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2324541"},{"type":"WEB","url":"https://access.redhat.com/security/cve/CVE-2024-52337"},{"type":"WEB","url":"https://security.opensuse.org/2024/11/26/tuned-instance-create.html"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2024/11/28/1"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2024/11/28/2"}],"schema_version":"1.7.5"}