The analysis is based on the provided vulnerability description, the commit information (specifically the patch e1f438970e5a337a17070a637c1b9e19697cad09 which adds SOURCES/openssh-9.8p1-upstream-cve-2024-6387.patch), and the detailed explanation from the Qualys security advisory (regresshion.txt).
The vulnerability (CVE-2024-6387) is a signal handler race condition in OpenSSH's sshd. The SIGALRM signal handler (grace_alarm_handler) calls functions that are not async-signal-safe, primarily syslog.
The provided commit patch directly modifies the function sshsigdie in log.c. The patch comments out the call to sshlogv within sshsigdie. The Qualys advisory confirms the call chain: grace_alarm_handler (SIGALRM handler) -> sigdie (macro) -> sshsigdie -> sshlogv -> do_log -> syslog.
Since syslog (and functions it might call, like malloc and free) is not async-signal-safe, its invocation from the signal handler path via sshsigdie constitutes the vulnerability. The patch directly addresses this by removing the problematic call from sshsigdie. Therefore, sshsigdie is identified as the vulnerable function as it contained the unsafe call that was remediated by this patch.
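The unsafe handler shape described above, next to an async-signal-safe alternative, as an added example that is not OpenSSH code and not part of the patch. The handler names, the flag and the log messages are hypothetical. It shows the general flag-deferral pattern (the handler only records the event and logging happens later in normal context), which is a different approach from the patch's removal of the logging call.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

/* Written by the handler, read by normal code (hypothetical name). */
static volatile sig_atomic_t grace_expired = 0;

/* UNSAFE shape: syslog() is not async-signal-safe and may call
 * malloc()/free(). If the signal interrupts the main flow inside the
 * allocator, this re-enters it on inconsistent heap state. */
void unsafe_alarm_handler(int sig) {
    (void)sig;
    syslog(LOG_INFO, "timeout before authentication (constructed message)");
    _exit(1);
}

/* SAFE shape: record the event and return. No logging, no allocation. */
static void safe_alarm_handler(int sig) {
    (void)sig;
    grace_expired = 1;
}

/* Install the safe handler for SIGALRM. Returns 0 on success. */
int install_grace_handler(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = safe_alarm_handler;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGALRM, &sa, NULL);
}

/* Runs in normal (non-signal) context, where syslog() is safe to call.
 * Returns 1 if the timeout fired since the last check, else 0. */
int check_grace_timeout(void) {
    if (!grace_expired)
        return 0;
    grace_expired = 0;
    syslog(LOG_INFO, "login grace time expired (constructed message)");
    return 1;
}

int main(void) {
    if (install_grace_handler() != 0)
        return 1;
    alarm(1);   /* one-second grace period for the demo */
    pause();    /* returns once the handler has run */
    return check_grace_timeout() ? 0 : 1;
}
```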