Cyber Resilience

CVE-2024-28085

Tags: Low severity · Public PoC · Updated

Published: 27 March 2024
Modified: 12 May 2026
KEV added: not listed
Patch: 27 March 2024
CVSS v3.1 score: 3.3 (vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
EPSS score: 0.1093 (93.6th percentile)
Risk priority: 13 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-28085 is a low-severity Improper Neutralization of Escape, Meta, or Control Sequences (CWE-150) vulnerability in util-linux (listed under vendor "kernel"). Its CVSS base score is 3.3 (Low).

Operationally, it ranks in the top 6.4% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

The vulnerability affects the wall utility in util-linux versions through 2.40. When wall is installed with setgid tty permissions, it fails to sanitize escape sequences supplied via command-line arguments (argv), even though sequences received from stdin are blocked. This stems from improper handling of untrusted input as described under CWE-150 and carries a low CVSS score of 3.3.

A local attacker with access to execute wall can supply crafted escape sequences on the command line to write directly to other users' terminals. In plausible configurations this can be leveraged to manipulate terminal state or capture input, potentially resulting in account takeover.

The EPSS score remains low, with a current value of 0.1093 and a peak of 0.1274; the modest movement does not indicate material post-disclosure interest. Public discussion of the issue appears in oss-security mailing list threads from March 2024, though no specific patch or mitigation details are provided in the available references.
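As an added, defender-side illustration (not code from util-linux or from this advisory): a small Python model of the neutralization that wall should apply uniformly to both message sources, and a version check that encodes only the range this page states ("through 2.40"). The message samples are constructed.

```python
import re
from typing import Optional

# Constructed sample inputs (not from the advisory): a benign notice and a
# message carrying terminal control sequences of the kind wall must neutralize.
BENIGN_MESSAGE = "System going down for maintenance at 22:00\n"
HOSTILE_MESSAGE = "hello\x1b[2J\x1b]0;title\x07\x1b[31mred\x1b[0m\x9bworld\n"

# Ordered alternation: CSI and OSC first, then bare two-byte ESC sequences,
# then remaining C0 controls (newline and tab are kept), DEL, and C1 controls
# such as 0x9b, the single-byte form of CSI.
_CONTROL_SEQ = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"             # CSI: ESC [ params intermediates final
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"  # OSC: ESC ] ... terminated by BEL or ST
    r"|\x1b[@-_]"                          # other ESC Fe sequences
    r"|[\x00-\x08\x0b-\x1f\x7f]"           # C0 controls except \t and \n, plus DEL
    r"|[\x80-\x9f]"                        # C1 controls
)


def neutralize_control_sequences(text: str) -> str:
    """Strip escape/control sequences so the text can be written to a tty safely."""
    return _CONTROL_SEQ.sub("", text)


def broadcast_text(argv_message: Optional[str], stdin_message: Optional[str]) -> str:
    """Pick the message source the way wall does (argv wins over stdin) and apply
    the same neutralization to both; the CVE arises from checking only stdin."""
    source = argv_message if argv_message is not None else (stdin_message or "")
    return neutralize_control_sequences(source)


def is_affected_version(version: str) -> bool:
    """True for util-linux versions in the range this advisory states (through 2.40).
    Assumption: a plain numeric dotted version string such as "2.39.4"."""
    parts = tuple(int(p) for p in version.split("."))
    parts = parts + (0,) * (3 - len(parts))
    return parts <= (2, 40, 0)
```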


Vulnerability details

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.


Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

kernel / util-linux: versions 2.24 through 2.39.4
debian / debian linux: 10.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
