CVE-2024-45770

MEDIUM

Performance Co-Pilot - Privilege Escalation

Title source: llm

Description

A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.

References (11)

Core 11

Core References

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:6837

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:6840

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:6842

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:6843

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:6844

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:6846

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:6847

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:6848

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:9452

Vendor Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2024-45770

Issue Tracking issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2310451

Scores

CVSS v3 4.4

EPSS 0.0003

EPSS Percentile 10.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-59

Status published

Products (16)

Red Hat/Red Hat Enterprise Linux 10

Red Hat/Red Hat Enterprise Linux 6

Red Hat/Red Hat Enterprise Linux 7

Red Hat/Red Hat Enterprise Linux 8 0:5.3.7-22.el8_10

Red Hat/Red Hat Enterprise Linux 8.2 Advanced Update Support 0:5.0.2-9.el8_2

Red Hat/Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support 0:5.2.5-8.el8_4

Red Hat/Red Hat Enterprise Linux 8.4 Telecommunications Update Service 0:5.2.5-8.el8_4

Red Hat/Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions 0:5.2.5-8.el8_4

Red Hat/Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support 0:5.3.5-10.el8_6

Red Hat/Red Hat Enterprise Linux 8.6 Telecommunications Update Service 0:5.3.5-10.el8_6

... and 6 more

Published Sep 19, 2024

Tracked Since Feb 18, 2026