{ "threat_severity" : "Moderate", "public_date" : "2024-11-27T00:00:00Z", "bugzilla" : { "description" : "emacs: arbitrary code execution via Lisp macro expansion", "id" : "2329161", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2329161" }, "cvss3" : { "cvss3_base_score" : "7.8", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-94", "details" : [ "In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)", "A flaw was found in Emacs. Viewing or editing an untrusted Emacs Lisp source code file can cause arbitrary code execution due to unsafe macro expansion when a user has configured elisp-completion-at-point for code completion or has enabled automatic error checking, such as Flymake or Flycheck." ], "statement" : "To exploit this flaw, an attacker needs to trick a user into opening an Emacs Lisp source code file with a crafted macro definition. Additionally, the user must have `elisp-completion-at-point` configured or automatic error checking enabled.\nFor these reasons, this flaw has been rated with a Moderate severity.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2025-07-15T00:00:00Z", "advisory" : "RHSA-2025:11030", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "emacs-1:26.1-15.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2025-07-15T00:00:00Z", "advisory" : "RHSA-2025:11030", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "emacs-1:26.1-15.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-05-12T00:00:00Z", "advisory" : "RHSA-2025:4787", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "emacs-1:27.2-11.el9_5.2" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-06-24T00:00:00Z", "advisory" : "RHSA-2025:9448", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "emacs-1:27.2-14.el9_6.2" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date" : "2025-05-12T00:00:00Z", "advisory" : "RHSA-2025:4794", "cpe" : "cpe:/a:redhat:rhel_eus:9.2", "package" : "emacs-1:27.2-8.el9_2.3" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2025-05-12T00:00:00Z", "advisory" : "RHSA-2025:4793", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "emacs-1:27.2-10.el9_4.2" }, { "product_name" : "Red Hat Discovery 2", "release_date" : "2025-07-21T00:00:00Z", "advisory" : "RHSA-2025:11487", "cpe" : "cpe:/a:redhat:discovery:2::el9", "package" : "discovery/discovery-server-rhel9:sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "emacs", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "emacs", "cpe" : "cpe:/o:redhat:enterprise_linux:7" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-53920\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-53920\nhttps://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html\nhttps://yhetil.org/emacs/CAFXAjY5f4YfHAtZur1RAqH34UbYU56_t6t2Er0YEh1Sb7-W=hg%40mail.gmail.com/" ], "name" : "CVE-2024-53920", "mitigation" : { "value" : "Do not open or view untrusted Emacs Lisp source code files.\nDisabling auto-completion features and automatic error checking such as Flymake or Flycheck in untrusted Emacs Lisp source code files will mitigate this vulnerability.", "lang" : "en:us" }, "csaw" : false }