Below: local privilege escalation (SUSE security team blog)

by
jzb
from LWN.net on (#6VW6X)

The SUSE Security Team blog has a post with adetailed analysis of a vulnerability (CVE-2025-27591)in the belowtool for recording and displaying system data.

In January 2025, Below was packaged and submitted to openSUSETumbleweed. Below runs as a systemd service with root privileges. TheSUSE security team monitors additions and changes to systemd serviceunit files in openSUSE Tumbleweed, and through this we noticedproblematic log directory permissions applied in Below's code.

External Content
Source RSS or Atom Feed
Feed Location http://lwn.net/headlines/rss
Feed Title LWN.net
Feed Link https://lwn.net/
Reply 0 comments