CVE-2024-6409
OpenSSH: possible remote code execution due to a race condition in signal handling affecting Red Hat Enterprise Linux 9
| CVSS Score | 7.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.
| CWE | CWE-364 |
| Published | Jul 8, 2024 |
| Last Updated | Nov 11, 2025 |
CVSS v3 Breakdown
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity | Low |
| Availability | High |
Affected Versions
| Product | Status |
| Red Hat / Red Hat Enterprise Linux 9 | All versions affected |
| Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | All versions affected |
| Red Hat / Red Hat Enterprise Linux 9.2 Extended Update Support | All versions affected |
| Red Hat / Red Hat OpenShift Container Platform 4.13 | All versions affected |
| Red Hat / Red Hat OpenShift Container Platform 4.14 | All versions affected |
| Red Hat / Red Hat OpenShift Container Platform 4.15 | All versions affected |
| Red Hat / Red Hat OpenShift Container Platform 4.16 | All versions affected |
| Red Hat / Red Hat Enterprise Linux 10 | All versions affected |
| Red Hat / Red Hat Enterprise Linux 6 | All versions affected |
| Red Hat / Red Hat Enterprise Linux 7 | All versions affected |
| Red Hat / Red Hat Enterprise Linux 8 | All versions affected |
References
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:4457
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:4613
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:4716
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:4910
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:4955
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:4960
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:5444
access.redhat.com: https://access.redhat.com/security/cve/CVE-2024-6409
bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2295085
openwall.com: http://www.openwall.com/lists/oss-security/2024/07/08/2
openwall.com: http://www.openwall.com/lists/oss-security/2024/07/09/2
openwall.com: http://www.openwall.com/lists/oss-security/2024/07/09/5
openwall.com: http://www.openwall.com/lists/oss-security/2024/07/10/1
openwall.com: http://www.openwall.com/lists/oss-security/2024/07/10/2
almalinux.org: https://almalinux.org/blog/2024-07-09-cve-2024-6409/
bugzilla.suse.com: https://bugzilla.suse.com/show_bug.cgi?id=1227217
explore.alas.aws.amazon.com: https://explore.alas.aws.amazon.com/CVE-2024-6409.html
github.com: https://github.com/openela-main/openssh/commit/c00da7741d42029e49047dd89e266d91dcfbffa0
security-tracker.debian.org: https://security-tracker.debian.org/tracker/CVE-2024-6409
security.netapp.com: https://security.netapp.com/advisory/ntap-20240712-0003/
sig-security.rocky.page: https://sig-security.rocky.page/issues/CVE-2024-6409/
ubuntu.com: https://ubuntu.com/security/CVE-2024-6409
suse.com: https://www.suse.com/security/cve/CVE-2024-6409.html
Credits
Red Hat would like to thank Solar Designer (CIQ/Rocky Linux) for reporting this issue.