CVE-2024-45752

8.5 HIGH

📋 TL;DR

CVE-2024-45752 allows any unprivileged user to configure the logid daemon via an unrestricted D-Bus service in logiops, enabling malicious keyboard macro configuration. This leads to privilege escalation with minimal user interaction. All systems running logiops through version 0.3.4 in default configuration are affected.

💻 Affected Systems

Products:
  • logiops
Versions: through 0.3.4
Operating Systems: Linux distributions with D-Bus support
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where logiops is installed and running with default configuration. The vulnerability exists in the D-Bus service interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise via privilege escalation to root, allowing an attacker to execute arbitrary commands, install persistent backdoors, or access sensitive data.

🟠 Likely Case

Local privilege escalation allowing an attacker to gain administrative privileges and modify system configurations or access restricted files.

🟢 If Mitigated

Limited impact if D-Bus access is restricted or logiops is not installed; only local user account compromise is possible.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the system.
🏢 Internal Only: HIGH - Any unprivileged user on the system can exploit this vulnerability to gain elevated privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local user access but minimal technical skill. The vulnerability is in the D-Bus interface which is easily accessible to local users.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.3.5 or later

Vendor Advisory: https://github.com/PixlOne/logiops/releases

Restart Required: Yes

Instructions:

1. Check current version with 'logid --version'.
2. Update to version 0.3.5 or later from GitHub releases.
3. Restart the logid daemon or reboot the system.

🔧 Temporary Workarounds

Restrict D-Bus access

linux

Configure D-Bus policy to restrict access to the logiops service

Create /etc/dbus-1/system.d/logiops.conf with restrictive policy rules
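
A sketch of such a policy file, added here as an example and not taken from the logiops project or its 0.3.5 fix. It assumes the bus name shown in this page's SIEM query (com.github.pixlone.LogiOps) and that logid runs as root; confirm the name the daemon actually owns with 'busctl list' before deploying.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE busconfig PUBLIC
  "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
  "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<!-- /etc/dbus-1/system.d/logiops.conf (added example, not the project's file) -->
<!-- Assumption: the bus name below is copied from the SIEM query on this page. -->
<busconfig>

  <!-- The default context is applied to every connection first.
       Deny owning the name and sending any message to it, which
       overrides an earlier rule such as
       <allow send_destination="com.github.pixlone.LogiOps"/>
       in a packaged policy, because files under /etc/dbus-1/system.d
       are read after the packaged ones. -->
  <policy context="default">
    <deny own="com.github.pixlone.LogiOps"/>
    <deny send_destination="com.github.pixlone.LogiOps"/>
  </policy>

  <!-- User policies are applied after the default context, so root
       keeps the ability to run the daemon and to configure it.
       Assumption: logid runs as root. -->
  <policy user="root">
    <allow own="com.github.pixlone.LogiOps"/>
    <allow send_destination="com.github.pixlone.LogiOps"/>
  </policy>

</busconfig>
```

Reload the system bus configuration or reboot, then confirm as an unprivileged user that method calls to the service are rejected with an access-denied error.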

Disable logiops service

linux

Stop and disable the logid daemon if not needed

sudo systemctl stop logid
sudo systemctl disable logid

🧯 If You Can't Patch

  • Remove or uninstall logiops if not required for system functionality
  • Implement strict user access controls and monitor for suspicious D-Bus activity

🔍 How to Verify

Check if Vulnerable:

Check if logiops version is 0.3.4 or earlier with 'logid --version' or check running processes for logid

Check Version:

logid --version

Verify Fix Applied:

Verify version is 0.3.5 or later with 'logid --version' and check D-Bus service permissions

📡 Detection & Monitoring

Log Indicators:

  • Unusual D-Bus connections to logiops service
  • Unexpected logid daemon configuration changes

Network Indicators:

  • Local D-Bus traffic to logiops service from non-privileged users

SIEM Query:

process_name='logid' AND event_type='privilege_escalation' OR dbus_service='com.github.pixlone.LogiOps'
