The Qualys Threat Research Unit has identified five local privilege escalation (LPE) vulnerabilities within the needrestart component, which is the utility that scans systems to determine whether a restart is necessary for the system or its services. It is installed by default on Ubuntu Servers.
These vulnerabilities have the potential to compromise system integrity and security as they can be exploited by any unprivileged user to gain full root access by allowing local users to escalate their privileges by executing arbitrary code during package installations or upgrades, where needrestart is run.
This poses considerable risks for enterprises, including unauthorised access to sensitive data, malware installation and disruption of business operations. It could lead to data breaches, regulatory non-compliance, and erosion of trust among customers and stakeholders, ultimately affecting the organisation’s reputation. Enterprises should swiftly mitigate this risk by updating the software or disabling the vulnerable feature.
The identified flaws have been assigned the CVE identifiers CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003, highlighting the need for immediate remediation to protect system integrity.
The Qualys Threat Research Unit team has successfully developed functional exploits for these vulnerabilities. While not disclosing the exploits, it should be noted that these vulnerabilities are easily exploitable, and other researchers may release working exploits shortly following this coordinated disclosure.
These vulnerabilities have been present since the introduction of interpreter support in needrestart version 0.8, released in April 2014.
More information can be found at the Qualys Threat Research Unit blog.
