CVE-2024-48990

Published Nov 19, 2024

Last updated 4 months ago

Overview

Description
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.
Source: security@ubuntu.com
NVD status: Modified
Products: needrestart

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-427

Social media

Hype score: Not currently trending

  1. needrestart-privesc-cve-2024-48990 #exploit Local privilege escalation exploit for needrestart (CVE-2024-48990) https://t.co/kKsdKyhpuJ

    @TheExploitLab | 22 Dec 2025 | 11 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  2. CVE-2024-48990 is a priv esc vulnerability for needrestart in version 3.7 and below This bug is due to a search path element in checking the Python processes in the PYTHONPATH environment without any sanitization Attackers can insert their code into the search path as a user h

    @Koinsec | 21 Dec 2025 | 77 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  3. CVE-2024-48990 #exploit an exploit for CVE-2024-48990 ( Local Privilege Escalation ) in needrestart https://t.co/HGoQHQ2R7u

    @TheExploitLab | 17 Dec 2025 | 48 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  4. Critical vulnerability in the needrestart tool: CVE-2024-48990 https://t.co/EsSLluD5TY #cve_2024_48990 https://t.co/x0A3Ud6b75

    @MrMtwoj | 1 Jul 2025 | 6 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  5. Linux LPE via Needrestart (CVE-2024-48990) allows local attackers to gain root access by exploiting improper handling of the PYTHONPATH variable in versions prior to 3.8. #CVE2024 #Linux #LPE https://t.co/B8KRDjioDq

    @RootOps_ | 5 Jan 2025 | 9 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  6. Apache Tomcat RCE https://t.co/biOW1jOz6G 2. CVE-2024-48990: Qualys needrestart <3.8 - Uncontrolled Search Path Element https://t.co/pKVKT2PM7r

    @ShaiiikShoaiiib | 24 Dec 2024 | 196 Impressions, 0 Retweets, 3 Likes, 1 Bookmark, 0 Replies, 0 Quotes

  7. #exploit 1. CVE-2024-50379: Apache Tomcat RCE https://t.co/WAsPq9YMAW 2. CVE-2024-48990: Qualys needrestart <3.8 - Uncontrolled Search Path Element https://t.co/TrNdynfKau

    @ksg93rd | 23 Dec 2024 | 224 Impressions, 0 Retweets, 3 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  8. Vulnerabilities in Ubuntu's needrestart (CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, CVE-2024-11003) https://t.co/jdRGYKBJWD

    @01Programing | 25 Nov 2024 | 14 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  9. Vulnerabilities in Ubuntu's needrestart (CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, CVE-2024-11003) | Security News https://t.co/Cm1CuKHnqf

    @01ra66it | 25 Nov 2024 | 233 Impressions, 0 Retweets, 1 Like, 0 Bookmarks, 0 Replies, 0 Quotes

  10. GitHub - makuga01/CVE-2024-48990-PoC: PoC for CVE-2024-48990 https://t.co/xCVnpcBojh

    @akaclandestine | 24 Nov 2024 | 1081 Impressions, 2 Retweets, 2 Likes, 4 Bookmarks, 0 Replies, 0 Quotes

  11. Actively exploited CVE : CVE-2024-48990

    @transilienceai | 24 Nov 2024 | 13 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 1 Reply, 0 Quotes

  12. CVE-2024-48990: Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable. https://t.co/0bp0fZTQ1P https

    @cyber_advising | 23 Nov 2024 | 720 Impressions, 0 Retweets, 7 Likes, 5 Bookmarks, 0 Replies, 0 Quotes

  13. GitHub - makuga01/CVE-2024-48990-PoC: PoC for CVE-2024-48990 - https://t.co/OMGxkSLSIS

    @piedpiper1616 | 22 Nov 2024 | 1990 Impressions, 13 Retweets, 27 Likes, 12 Bookmarks, 0 Replies, 0 Quotes

  14. Ubuntu 25.04 Plucky Puffin and needrestart vulnerability Tech, CVE-2024-48990, cybersecurity, GNOME 48, Linux Kernel 6.14, needrestart, Plucky Puffin, Ubuntu 25.04, vulnerability https://t.co/9V8nBaEREJ https://t.co/sTcVUZ2vME

    @matricedigitale | 21 Nov 2024 | 46 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  15. Canonical’s security team has released updates for the needrestart and libmodule-scandeps-perl packages for all Ubuntu releases. The updates remediate CVE-2024-10224, CVE-2024-11003, CVE-2024-48990, CVE-2024-48991 and CVE-2024-48992. Learn more on the blog https://t.co/vjtSFyCpCK

    @ubuntu | 21 Nov 2024 | 6943 Impressions, 15 Retweets, 74 Likes, 6 Bookmarks, 0 Replies, 1 Quote

  16. CVE-2024-48990 and other: Multiple vulns in Needrestart utility for Ubuntu, 5.3 - 7.8 rating❗️ Five vulns allow LPE to be carried out on machines running Ubuntu OS. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/YW9lwDxQUw #cybersecurity #vulnerability_map #ubuntu ht

    @Netlas_io | 21 Nov 2024 | 348 Impressions, 1 Retweet, 6 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  17. Great catch(es) with CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003 by @qualys in “needrestart” v0.8 in Ubuntu Linux 21.04. Needrestart v3.8 patches all five. Released yesterday. Full text of the Qualys advisory at https://t.co/Jl3HFVKjQw

    @Sujeet | 20 Nov 2024 | 93 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  18. 5 Privilege Escalation Flaws Found in #Ubuntu's Default Utility, #needrestart CVEs CVE-2024-48990, CVE-2024-48991, CVE-2024-48992 These flaws can be exploited by any unprivileged user to gain full root access without requiring user interaction https://t.co/OcI2NlXn53

    @the_yellow_fall | 20 Nov 2024 | 766 Impressions, 9 Retweets, 21 Likes, 4 Bookmarks, 0 Replies, 0 Quotes

  19. Was going to let that just be a tweet but it turned into a full blown blogpost - Servers NeedRestart - The Problem with CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003 https://t.co/TBrlK4XeBb

    @nanovms | 20 Nov 2024 | 189 Impressions, 0 Retweets, 2 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  20. CVE-2024-48990 CVE-2024-48991 CVE-2024-48992 CVE-2024-10224 and CVE-2024-11003 - all probably affecting your ubuntu servers - this is a perfect example of why you should be using unikernels - WTF would you allow some perl to run as root if you yourself don't code in perl? https:

    @nanovms | 19 Nov 2024 | 293 Impressions, 0 Retweets, 6 Likes, 0 Bookmarks, 0 Replies, 1 Quote

Configurations