CVE-2024-34455
📋 TL;DR
This vulnerability in Buildroot allows attackers to manipulate the /dev/shm directory due to missing sticky bit permissions. It affects systems using Buildroot before version 2024.02.2. The lack of sticky bit enables unauthorized file operations in shared memory.
💻 Affected Systems
- Buildroot
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Privilege escalation leading to root access, data manipulation, or system compromise through shared memory exploitation.
Likely Case
Unauthorized file creation or deletion in /dev/shm, potentially disrupting applications using shared memory.
If Mitigated
Minimal impact with proper directory permissions and isolation controls in place.
🎯 Exploit Status
Exploitation requires local shell access and knowledge of shared memory usage patterns.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2024.02.2
Vendor Advisory: https://github.com/buildroot/buildroot/commit/0b2967e15800421efbdfe3a7a6061cf6bd84134d
Restart Required: No
Instructions:
1. Update Buildroot to version 2024.02.2 or later. 2. Rebuild your system image. 3. Deploy the updated image to affected systems.
🔧 Temporary Workarounds
Manual sticky bit application
linuxManually set the sticky bit on /dev/shm directory
chmod +t /dev/shm
🧯 If You Can't Patch
- Implement strict access controls to limit who can access /dev/shm
- Monitor file operations in /dev/shm directory for suspicious activity
🔍 How to Verify
Check if Vulnerable:
Check /dev/shm permissions: ls -ld /dev/shm | grep '^drwxrwxrwt' - if missing 't' in permissions, vulnerable.Check Version:
Check Buildroot version in build configuration or run: grep 'BR2_VERSION' in buildroot directory.Verify Fix Applied:
Verify /dev/shm has sticky bit: ls -ld /dev/shm should show 'drwxrwxrwt'.📡 Detection & Monitoring
Log Indicators:
- Unusual file creation/deletion in /dev/shm
- Permission change attempts on /dev/shm
Network Indicators:
- None - local-only vulnerability
SIEM Query:
process.name:chmod AND file.path:/dev/shm OR file.path:/dev/shm/*🔗 References
- http://www.openwall.com/lists/oss-security/2024/05/06/2
- http://www.openwall.com/lists/oss-security/2024/05/06/4
- http://www.openwall.com/lists/oss-security/2024/05/07/4
- https://github.com/buildroot/buildroot/commit/0b2967e15800421efbdfe3a7a6061cf6bd84134d
- https://www.openwall.com/lists/oss-security/2024/04/11/13
- http://www.openwall.com/lists/oss-security/2024/05/06/2
- http://www.openwall.com/lists/oss-security/2024/05/06/4
- http://www.openwall.com/lists/oss-security/2024/05/07/4
- https://github.com/buildroot/buildroot/commit/0b2967e15800421efbdfe3a7a6061cf6bd84134d
- https://www.openwall.com/lists/oss-security/2024/04/11/13
