{
  "document": {
    "aggregate_severity": {
      "text": "Low"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/almalinux9.2esu/vex/2024/cve-2024-56433-els_os-almalinux9_2esu.json"
      }
    ],
    "tracking": {
      "current_release_date": "2026-03-31T23:21:40Z",
      "generator": {
        "date": "2026-03-31T23:21:40Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CVE-2024-56433-ELS_OS-ALMALINUX9.2ESU",
      "initial_release_date": "2024-12-26T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-12-26T00:00:00Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-11-29T10:37:43Z",
          "number": "2",
          "summary": "Official Publication"
        },
        {
          "date": "2025-12-23T19:08:30Z",
          "number": "3",
          "summary": "Update document"
        },
        {
          "date": "2026-03-31T23:21:40Z",
          "number": "4",
          "summary": "Update document"
        }
      ],
      "status": "final",
      "version": "4"
    },
    "title": "Security update on CVE-2024-56433"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "shadow-utils-2:4.9-6.el9.x86_64",
                "product": {
                  "name": "shadow-utils-2:4.9-6.el9.x86_64",
                  "product_id": "shadow-utils-2:4.9-6.el9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/almalinux/shadow-utils@4.9-6.el9?arch=x86_64&epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "shadow-utils-subid-2:4.9-6.el9.x86_64",
                "product": {
                  "name": "shadow-utils-subid-2:4.9-6.el9.x86_64",
                  "product_id": "shadow-utils-subid-2:4.9-6.el9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/almalinux/shadow-utils-subid@4.9-6.el9?arch=x86_64&epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "shadow-utils-subid-devel-2:4.9-6.el9.x86_64",
                "product": {
                  "name": "shadow-utils-subid-devel-2:4.9-6.el9.x86_64",
                  "product_id": "shadow-utils-subid-devel-2:4.9-6.el9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/almalinux/shadow-utils-subid-devel@4.9-6.el9?arch=x86_64&epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "shadow-utils-subid-2:4.9-6.el9.i686",
                "product": {
                  "name": "shadow-utils-subid-2:4.9-6.el9.i686",
                  "product_id": "shadow-utils-subid-2:4.9-6.el9.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/almalinux/shadow-utils-subid@4.9-6.el9?arch=i686&epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "shadow-utils-subid-devel-2:4.9-6.el9.i686",
                "product": {
                  "name": "shadow-utils-subid-devel-2:4.9-6.el9.i686",
                  "product_id": "shadow-utils-subid-devel-2:4.9-6.el9.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/almalinux/shadow-utils-subid-devel@4.9-6.el9?arch=i686&epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "AlmaLinux 9.2",
                "product": {
                  "name": "AlmaLinux 9.2",
                  "product_id": "AlmaLinux-9.2",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:almalinux:almalinux:9.2:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "AlmaLinux"
          }
        ],
        "category": "vendor",
        "name": "AlmaLinux OS Foundation"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "shadow-utils-2:4.9-6.el9.tuxcare.els1.x86_64",
                "product": {
                  "name": "shadow-utils-2:4.9-6.el9.tuxcare.els1.x86_64",
                  "product_id": "shadow-utils-2:4.9-6.el9.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/shadow-utils@4.9-6.el9.tuxcare.els1?arch=x86_64&epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "shadow-utils-subid-2:4.9-6.el9.tuxcare.els1.x86_64",
                "product": {
                  "name": "shadow-utils-subid-2:4.9-6.el9.tuxcare.els1.x86_64",
                  "product_id": "shadow-utils-subid-2:4.9-6.el9.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/shadow-utils-subid@4.9-6.el9.tuxcare.els1?arch=x86_64&epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "shadow-utils-subid-devel-2:4.9-6.el9.tuxcare.els1.x86_64",
                "product": {
                  "name": "shadow-utils-subid-devel-2:4.9-6.el9.tuxcare.els1.x86_64",
                  "product_id": "shadow-utils-subid-devel-2:4.9-6.el9.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/shadow-utils-subid-devel@4.9-6.el9.tuxcare.els1?arch=x86_64&epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "shadow-utils-subid-2:4.9-6.el9.tuxcare.els1.i686",
                "product": {
                  "name": "shadow-utils-subid-2:4.9-6.el9.tuxcare.els1.i686",
                  "product_id": "shadow-utils-subid-2:4.9-6.el9.tuxcare.els1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/shadow-utils-subid@4.9-6.el9.tuxcare.els1?arch=i686&epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "shadow-utils-subid-devel-2:4.9-6.el9.tuxcare.els1.i686",
                "product": {
                  "name": "shadow-utils-subid-devel-2:4.9-6.el9.tuxcare.els1.i686",
                  "product_id": "shadow-utils-subid-devel-2:4.9-6.el9.tuxcare.els1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/shadow-utils-subid-devel@4.9-6.el9.tuxcare.els1?arch=i686&epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "shadow-utils-2:4.9-6.el9.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:shadow-utils-2:4.9-6.el9.tuxcare.els1.x86_64"
        },
        "product_reference": "shadow-utils-2:4.9-6.el9.tuxcare.els1.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "shadow-utils-2:4.9-6.el9.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:shadow-utils-2:4.9-6.el9.x86_64"
        },
        "product_reference": "shadow-utils-2:4.9-6.el9.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "shadow-utils-subid-2:4.9-6.el9.tuxcare.els1.i686 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:shadow-utils-subid-2:4.9-6.el9.tuxcare.els1.i686"
        },
        "product_reference": "shadow-utils-subid-2:4.9-6.el9.tuxcare.els1.i686",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "shadow-utils-subid-2:4.9-6.el9.i686 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:shadow-utils-subid-2:4.9-6.el9.i686"
        },
        "product_reference": "shadow-utils-subid-2:4.9-6.el9.i686",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "shadow-utils-subid-2:4.9-6.el9.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:shadow-utils-subid-2:4.9-6.el9.tuxcare.els1.x86_64"
        },
        "product_reference": "shadow-utils-subid-2:4.9-6.el9.tuxcare.els1.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "shadow-utils-subid-2:4.9-6.el9.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:shadow-utils-subid-2:4.9-6.el9.x86_64"
        },
        "product_reference": "shadow-utils-subid-2:4.9-6.el9.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "shadow-utils-subid-devel-2:4.9-6.el9.tuxcare.els1.i686 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:shadow-utils-subid-devel-2:4.9-6.el9.tuxcare.els1.i686"
        },
        "product_reference": "shadow-utils-subid-devel-2:4.9-6.el9.tuxcare.els1.i686",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "shadow-utils-subid-devel-2:4.9-6.el9.i686 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:shadow-utils-subid-devel-2:4.9-6.el9.i686"
        },
        "product_reference": "shadow-utils-subid-devel-2:4.9-6.el9.i686",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "shadow-utils-subid-devel-2:4.9-6.el9.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:shadow-utils-subid-devel-2:4.9-6.el9.tuxcare.els1.x86_64"
        },
        "product_reference": "shadow-utils-subid-devel-2:4.9-6.el9.tuxcare.els1.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "shadow-utils-subid-devel-2:4.9-6.el9.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:shadow-utils-subid-devel-2:4.9-6.el9.x86_64"
        },
        "product_reference": "shadow-utils-subid-devel-2:4.9-6.el9.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-56433",
      "cwe": {
        "id": "CWE-1188",
        "name": "Initialization of a Resource with an Insecure Default"
      },
      "notes": [
        {
          "category": "description",
          "text": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "known_affected": [
          "AlmaLinux-9.2:shadow-utils-2:4.9-6.el9.x86_64",
          "AlmaLinux-9.2:shadow-utils-subid-2:4.9-6.el9.i686",
          "AlmaLinux-9.2:shadow-utils-subid-2:4.9-6.el9.x86_64",
          "AlmaLinux-9.2:shadow-utils-subid-devel-2:4.9-6.el9.i686",
          "AlmaLinux-9.2:shadow-utils-subid-devel-2:4.9-6.el9.x86_64"
        ],
        "under_investigation": [
          "AlmaLinux-9.2:shadow-utils-2:4.9-6.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:shadow-utils-subid-2:4.9-6.el9.tuxcare.els1.i686",
          "AlmaLinux-9.2:shadow-utils-subid-2:4.9-6.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:shadow-utils-subid-devel-2:4.9-6.el9.tuxcare.els1.i686",
          "AlmaLinux-9.2:shadow-utils-subid-devel-2:4.9-6.el9.tuxcare.els1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-56433"
        }
      ],
      "release_date": "2024-12-26T00:00:00Z",
      "remediations": [
        {
          "category": "no_fix_planned",
          "details": "This is a local, configuration-dependent issue: exploitation requires a local user to have subordinate UID delegation and to deliberately map a UID that exactly collides with a network identity that is reachable and trusted purely by numeric UID (e.g., an NFS export), which is a non-default condition. Absent that explicit overlap, the default /etc/subuid range does not map to real accounts and use of newuidmap cannot grant privileges beyond those already permitted by subordinate UID entries and user namespaces. With high attack complexity, unchanged scope, and only low confidentiality/integrity impact (no availability impact), it is reasonable to deprioritize this CVE relative to remotely exploitable or privilege-escalation vulnerabilities. To confirm that a host is not exposed, check that no UID assigned on the local network falls within a range listed in /etc/subuid.",
          "product_ids": [
            "AlmaLinux-9.2:shadow-utils-2:4.9-6.el9.x86_64",
            "AlmaLinux-9.2:shadow-utils-subid-2:4.9-6.el9.i686",
            "AlmaLinux-9.2:shadow-utils-subid-2:4.9-6.el9.x86_64",
            "AlmaLinux-9.2:shadow-utils-subid-devel-2:4.9-6.el9.i686",
            "AlmaLinux-9.2:shadow-utils-subid-devel-2:4.9-6.el9.x86_64"
          ]
        },
        {
          "category": "none_available",
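          "details": "Affected; no remediation is currently available for these builds, which this document lists as under investigation.",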
          "product_ids": [
            "AlmaLinux-9.2:shadow-utils-2:4.9-6.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:shadow-utils-subid-2:4.9-6.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:shadow-utils-subid-2:4.9-6.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:shadow-utils-subid-devel-2:4.9-6.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:shadow-utils-subid-devel-2:4.9-6.el9.tuxcare.els1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.6,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:shadow-utils-2:4.9-6.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:shadow-utils-2:4.9-6.el9.x86_64",
            "AlmaLinux-9.2:shadow-utils-subid-2:4.9-6.el9.i686",
            "AlmaLinux-9.2:shadow-utils-subid-2:4.9-6.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:shadow-utils-subid-2:4.9-6.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:shadow-utils-subid-2:4.9-6.el9.x86_64",
            "AlmaLinux-9.2:shadow-utils-subid-devel-2:4.9-6.el9.i686",
            "AlmaLinux-9.2:shadow-utils-subid-devel-2:4.9-6.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:shadow-utils-subid-devel-2:4.9-6.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:shadow-utils-subid-devel-2:4.9-6.el9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ]
    }
  ]
}