CVE-2024-54159: n/a
CVE-2024-54159 is a medium-severity local vulnerability in stalld versions up to 1. 19. 7 that allows local users to cause a denial of service by overwriting files via a symlink attack on /tmp/rtthrottle. Exploitation requires local access and user interaction, with high attack complexity and no privilege requirement. The vulnerability impacts availability by causing service disruption but does not affect confidentiality or integrity directly. No known exploits are currently reported in the wild. Mitigation involves securing the /tmp directory usage, applying patches when available, and restricting local user permissions to prevent symlink creation. This threat primarily affects Linux-based systems running stalld, with higher risk in countries with widespread Linux server deployments and critical infrastructure relying on this daemon. The assessed severity is medium due to limited impact scope and exploitation complexity.
AI Analysis
Technical Summary
CVE-2024-54159 is a vulnerability identified in stalld, a daemon used in Linux environments, present through version 1.19.7. The flaw arises from insecure handling of the /tmp/rtthrottle file, which can be exploited by a local attacker through a symbolic link (symlink) attack. By creating a malicious symlink at /tmp/rtthrottle pointing to an arbitrary file, an attacker can cause stalld to overwrite that file, resulting in a denial of service (DoS) condition. This vulnerability is classified under CWE-732, which involves incorrect permissions or access control on critical files. The attack requires local access and user interaction, with a high attack complexity, meaning it is not trivial to exploit. The CVSS v3.1 score is 4.1 (medium severity), reflecting limited impact on confidentiality and integrity but moderate impact on availability. No privilege escalation is needed, but the attacker must have local user rights. There are no patches or known exploits publicly available at this time. The vulnerability’s scope is limited to systems running the affected stalld versions, typically Linux servers or devices using this daemon for resource throttling.
Potential Impact
The primary impact of CVE-2024-54159 is denial of service through file overwrite, which can disrupt the normal operation of stalld and potentially other system components if critical files are overwritten. This can lead to service outages or degraded performance, affecting availability. Since the attack requires local access, the risk is limited to environments where untrusted users have shell or user-level access. The vulnerability does not directly compromise confidentiality or integrity of data but may indirectly affect system stability and reliability. Organizations relying on stalld for resource management in multi-user or shared environments may experience interruptions, impacting operational continuity. The absence of known exploits reduces immediate risk, but the vulnerability could be leveraged in targeted attacks or combined with other exploits. Systems without proper file permission controls or with lax local user restrictions are at higher risk.
Mitigation Recommendations
To mitigate CVE-2024-54159, organizations should implement the following specific measures: 1) Restrict local user permissions to prevent unauthorized creation of symlinks in /tmp or other temporary directories; 2) Employ filesystem protections such as mounting /tmp with the 'noexec', 'nodev', and 'nosuid' options and consider using 'sticky bit' permissions to prevent symlink abuse; 3) Monitor and audit /tmp directory for suspicious symlink creation or modifications; 4) Apply any available patches or updates from stalld maintainers promptly once released; 5) Consider running stalld with the least privileges necessary and in a confined environment (e.g., containers or sandboxing) to limit impact; 6) Educate system administrators about the risks of symlink attacks and enforce strict local user access policies; 7) Use security tools that detect and prevent symlink race conditions or attacks. These targeted steps go beyond generic advice by focusing on the specific attack vector and environment of stalld.
Affected Countries
United States, Germany, India, China, United Kingdom, France, Japan, South Korea, Canada, Australia
CVE-2024-54159: n/a
Description
CVE-2024-54159 is a medium-severity local vulnerability in stalld versions up to 1. 19. 7 that allows local users to cause a denial of service by overwriting files via a symlink attack on /tmp/rtthrottle. Exploitation requires local access and user interaction, with high attack complexity and no privilege requirement. The vulnerability impacts availability by causing service disruption but does not affect confidentiality or integrity directly. No known exploits are currently reported in the wild. Mitigation involves securing the /tmp directory usage, applying patches when available, and restricting local user permissions to prevent symlink creation. This threat primarily affects Linux-based systems running stalld, with higher risk in countries with widespread Linux server deployments and critical infrastructure relying on this daemon. The assessed severity is medium due to limited impact scope and exploitation complexity.
AI-Powered Analysis
Technical Analysis
CVE-2024-54159 is a vulnerability identified in stalld, a daemon used in Linux environments, present through version 1.19.7. The flaw arises from insecure handling of the /tmp/rtthrottle file, which can be exploited by a local attacker through a symbolic link (symlink) attack. By creating a malicious symlink at /tmp/rtthrottle pointing to an arbitrary file, an attacker can cause stalld to overwrite that file, resulting in a denial of service (DoS) condition. This vulnerability is classified under CWE-732, which involves incorrect permissions or access control on critical files. The attack requires local access and user interaction, with a high attack complexity, meaning it is not trivial to exploit. The CVSS v3.1 score is 4.1 (medium severity), reflecting limited impact on confidentiality and integrity but moderate impact on availability. No privilege escalation is needed, but the attacker must have local user rights. There are no patches or known exploits publicly available at this time. The vulnerability’s scope is limited to systems running the affected stalld versions, typically Linux servers or devices using this daemon for resource throttling.
Potential Impact
The primary impact of CVE-2024-54159 is denial of service through file overwrite, which can disrupt the normal operation of stalld and potentially other system components if critical files are overwritten. This can lead to service outages or degraded performance, affecting availability. Since the attack requires local access, the risk is limited to environments where untrusted users have shell or user-level access. The vulnerability does not directly compromise confidentiality or integrity of data but may indirectly affect system stability and reliability. Organizations relying on stalld for resource management in multi-user or shared environments may experience interruptions, impacting operational continuity. The absence of known exploits reduces immediate risk, but the vulnerability could be leveraged in targeted attacks or combined with other exploits. Systems without proper file permission controls or with lax local user restrictions are at higher risk.
Mitigation Recommendations
To mitigate CVE-2024-54159, organizations should implement the following specific measures: 1) Restrict local user permissions to prevent unauthorized creation of symlinks in /tmp or other temporary directories; 2) Employ filesystem protections such as mounting /tmp with the 'noexec', 'nodev', and 'nosuid' options and consider using 'sticky bit' permissions to prevent symlink abuse; 3) Monitor and audit /tmp directory for suspicious symlink creation or modifications; 4) Apply any available patches or updates from stalld maintainers promptly once released; 5) Consider running stalld with the least privileges necessary and in a confined environment (e.g., containers or sandboxing) to limit impact; 6) Educate system administrators about the risks of symlink attacks and enforce strict local user access policies; 7) Use security tools that detect and prevent symlink race conditions or attacks. These targeted steps go beyond generic advice by focusing on the specific attack vector and environment of stalld.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2024-11-29T00:00:00.000Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 699f6bc4b7ef31ef0b55ac49
Added to database: 2/25/2026, 9:38:12 PM
Last enriched: 2/26/2026, 1:51:58 AM
Last updated: 2/26/2026, 9:35:24 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-28138: Deserialization of Untrusted Data in Stylemix uListing
HighCVE-2026-28136: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in VeronaLabs WP SMS
HighCVE-2026-28132: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in villatheme WooCommerce Photo Reviews
HighCVE-2026-28131: Insertion of Sensitive Information Into Sent Data in WPVibes Elementor Addon Elements
HighCVE-2026-28083: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in UX-themes Flatsome
HighActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.