USN-7677-1: cloud-init vulnerabilities
Publication date: 28 July 2025
Overview: Several security issues were fixed in cloud-init.

Packages
cloud-init - initialization and customization tool for cloud instances
Details
Harry Sintonen discovered that the hotplugd socket in cloud-init was world
writable. An attacker could possibly use this issue to send hotplug-hook
commands. (CVE-2024-11584)

It was discovered that cloud-init granted root access to a hardcoded URL
with a local IP address when a non-x86 platform is detected. An attacker
could possibly impersonate an OpenStack endpoint and provide root
configuration data. (CVE-2024-6174)

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu Release | Package | Version
24.04 noble | cloud-init | 25.1.4-0ubuntu0~24.04.1
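
To confirm a 24.04 instance is no longer affected, the following added example (not part of the notice or of cloud-init) compares the installed package against the fixed version above and checks the hotplug endpoint's permissions. The FIFO path is an assumption, since the notice does not give it; override it with HOTPLUG_PATH if your system differs.

```shell
#!/bin/sh
# Added example: audit a host for the two conditions fixed by USN-7677-1.
# The fixed version is taken from the notice and applies to 24.04 noble only.
FIXED_VERSION="25.1.4-0ubuntu0~24.04.1"
# Assumption: location of the hotplugd FIFO; the notice does not state it.
HOTPLUG_PATH="${HOTPLUG_PATH:-/run/cloud-init/hook-hotplug-cmd}"

# Succeeds (0) when "others" have write permission on the file $1.
# Returns 2 when the file cannot be inspected.
is_world_writable() {
    mode=$(stat -c '%a' "$1") || return 2
    other=${mode#"${mode%?}"}        # last octal digit = permissions for others
    case "$other" in
        2|3|6|7) return 0 ;;          # write bit set for others
        *)       return 1 ;;
    esac
}

# Succeeds (0) when installed version $1 is at least the fixed version $2,
# using dpkg's own Debian version ordering.
version_is_fixed() {
    dpkg --compare-versions "$1" ge "$2"
}

# Prints one line per finding; returns 1 when the host still needs attention.
audit() {
    status=0
    installed=$(dpkg-query -W -f='${Version}' cloud-init 2>/dev/null) || installed=""
    if [ -z "$installed" ]; then
        echo "cloud-init: not installed"
    elif version_is_fixed "$installed" "$FIXED_VERSION"; then
        echo "cloud-init $installed: at or above $FIXED_VERSION"
    else
        echo "cloud-init $installed: below $FIXED_VERSION, update required"
        status=1
    fi
    if [ -e "$HOTPLUG_PATH" ] && is_world_writable "$HOTPLUG_PATH"; then
        echo "$HOTPLUG_PATH: world writable (CVE-2024-11584 condition)"
        status=1
    fi
    return "$status"
}
```

Source the file and call `audit` on the instance; a non-zero return means the package is below the fixed version or the endpoint is still writable by all users.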