A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HFedora Project Fedora
OSFedoraproject3738Red Hat Enterprise Linux
OSRedhat8.09.0Red Hat Enterprise Linux Desktop
OSRedhat7.0Red Hat Enterprise Linux Eus
OSRedhat8.68.89.09.2Red Hat Enterprise Linux For Arm 64
OSRedhat8.09.09.2Red Hat Enterprise Linux For Arm 64 Eus
OSRedhat8.68.89.09.2Red Hat Enterprise Linux For IBM Z Systems
OSRedhat7.08.09.09.2Red Hat Enterprise Linux For IBM Z Systems Eus
OSRedhat8.68.89.09.2Red Hat Enterprise Linux For Power Big Endian
OSRedhat7.0Red Hat Enterprise Linux For Power Little Endian
OSRedhat7.08.09.0Red Hat Enterprise Linux For Power Little Endian Eus
OSRedhat8.89.09.2Red Hat Enterprise Linux For Scientific Computing
OSRedhat7.0Red Hat Enterprise Linux Server
OSRedhat7.0Red Hat Enterprise Linux Server Aus
OSRedhat8.28.48.69.2Red Hat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
OSRedhat8.18.28.48.68.89.09.2Red Hat Enterprise Linux Server Tus
OSRedhat8.28.48.68.8Red Hat Enterprise Linux Server Update Services For Sap Solutions
OSRedhat9.09.2Red Hat Enterprise Linux Update Services For Sap Solutions
OSRedhat8.18.28.48.68.8Red Hat Enterprise Linux Workstation
OSRedhat7.0Red Hat Subscription Manager
APPRedhat< 1.28.391.29.0 – 1.29.37 (bez)
Related vulnerabilities
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit
Type Confusion w V8 (Google Chrome) — RCE przez spreparowaną stronę HTML
Type Confusion w silniku V8 Chrome — zdalne wykonanie kodu (RCE)
Use-after-free w Google Chrome Visuals umożliwiający ucieczkę z sandbox