ГлавнаяУязвимости → CVE-2026-58302
8.4высокая

CVE-2026-58302

Описание

rtapi_app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen() by using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged local user to load an arbitrary shared library. Because the process retains elevated privileges during module loading, this results in local privilege escalation to root.

CVSS
Балл8.4 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://bugs.debian.org/1140943https://github.com/LinuxCNC/linuxcnc/commit/00d534c87464a3ed446656998aa02b8abc74b391https://github.com/LinuxCNC/linuxcnc/commit/ea7cd579d39b586952a42e3da9a26d3e36e7a272https://github.com/LinuxCNC/linuxcnc/compare/v2.9.8...v2.9.9