VIR Vulnerability Intelligence Relay

CVE-2024-6387

high
Published 2024-07-03 · Modified 2024-07-04
CVSS v3
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2
VIR risk
8.1

Description

Important: openssh security update

Predictions

Exploit likelihood
88%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2024-4312.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2294604

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2024-6387

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2024-6387.html

vendor Authored 2026-05-27

Vendor advisory: af854a3a-2127-422b-91ae-364da2661108 — https://news.ycombinator.com/item?id=40843778

vendor Authored 2026-05-27

Vendor advisory: af854a3a-2127-422b-91ae-364da2661108 — https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html

vendor Authored 2026-05-27

Vendor advisory: af854a3a-2127-422b-91ae-364da2661108 — https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html

vendor Authored 2026-05-27

Vendor advisory: af854a3a-2127-422b-91ae-364da2661108 — https://github.com/openela-main/openssh/commit/e1f438970e5a337a17070a637c1b9e19697cad09

vendor Authored 2026-05-27

Vendor advisory: af854a3a-2127-422b-91ae-364da2661108 — https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc

vendor Authored 2026-05-27

Vendor advisory: af854a3a-2127-422b-91ae-364da2661108 — http://www.openwall.com/lists/oss-security/2024/07/03/3

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://www.openssh.com/txt/release-9.8

vendor Authored 2026-05-27

Vendor advisory: arch — https://security.archlinux.org/ASA-202407-1

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2024:4312

OS impact
OSVersionStatusFixed in
redhat rhel9fixed
arch archfixed9.8p1-1
suse slesaffected
debian debianbookwormfixed1:9.2p1-2+deb12u3
debian debianbullseyefixed0
debian debianforkyfixed1:9.7p1-7
debian debiansidfixed1:9.7p1-7
debian debiantrixiefixed1:9.7p1-7
ubuntu ubuntu23.10affected
ubuntu ubuntu24.04affected
ubuntu ubuntu22.04affected
ubuntu ubuntu22.10affected
ubuntu ubuntu23.04affected
debian debian12.0affected
redhat rhel9.0affected
redhat rhel9.4affected
redhat rhel9.0_aarch64affected
macos macosaffected12.7.6
freebsd freebsd13.2affected
freebsd freebsd13.3affected
freebsd freebsd14.0affected
freebsd freebsd14.1affected
freebsd freebsdaffected
almalinux almalinux9.0affected

Application impact
VendorProductVersionsFixed
openbsdopenssh8.6
openbsdopenssh4.4
openbsdopenssh8.5
openbsdopenssh{"endExcluding":"4.4"}4.4
redhatopenshift_container_platform4.0
netappactive_iq_unified_manager-
netappe-series_santricity_os_controller{"startIncluding":"11.0.0","endIncluding":"11.70.2"}
netappontap9
netappontap_select_deploy_administration_utility-
netappontap_tools9
netappontap_tools10

References

CWEs

CWE-364 CWE-362

Verify integrity in audit chain (admin only). AS-IS.