Bug 2329161 (CVE-2024-53920) - CVE-2024-53920 emacs: arbitrary code execution via Lisp macro expansion
Summary: CVE-2024-53920 emacs: arbitrary code execution via Lisp macro expansion
Keywords:
Status: NEW
Alias: CVE-2024-53920
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2329248 2329249 2329250
Blocks:
Reported: 2024-11-27 15:01 UTC by OSIDB Bzimport
Modified: 2025-05-12 10:25 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:




Links
System                  ID              Private  Priority  Status  Summary  Last Updated
Red Hat Product Errata  RHSA-2025:4787  0        None      None    None     2025-05-12 01:29:34 UTC
Red Hat Product Errata  RHSA-2025:4793  0        None      None    None     2025-05-12 10:25:29 UTC
Red Hat Product Errata  RHSA-2025:4794  0        None      None    None     2025-05-12 10:00:31 UTC

Description OSIDB Bzimport 2024-11-27 15:01:31 UTC
In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)
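
Worked example, added here for context; it is not part of the bug report, the CVE record, or the Emacs sources, and it is not the upstream fix. It shows the mechanism behind the description: macros such as `eval-when-compile` and `eval-and-compile` evaluate their body at macro-expansion time, so any code path that calls `macroexpand-all` (or byte-compiles) an untrusted buffer runs that body without any explicit `eval`. The second half is a defensive scan plus a mode hook that switches off the two features the description names in buffers outside directories you trust. All names prefixed `demo--` and `untrusted-elisp-` are invented for this example, the trusted-directory list is an assumption to adjust locally, and the "payload" only sets a variable so the demo is safe to run. Emacs 30.1 ships a `trusted-content` user option that gates these features upstream; the hook below is a stand-in for builds without it.

```elisp
;;; -*- lexical-binding: t -*-
;; Added example: not from the bug report or from GNU Emacs itself.
(require 'cl-lib)

(defvar demo--side-effect nil
  "Set by the constructed \"untrusted\" form below; stands in for a real payload.")

;; Constructed untrusted form.  `eval-when-compile' is defined as
;; (list 'quote (eval (cons 'progn body) lexical-binding)), i.e. its body
;; runs during macro expansion.  A real attacker would put `shell-command',
;; `delete-file', etc. here instead of a `setq'.
(defconst demo--untrusted-form
  '(let ((x 1))
     (eval-when-compile (setq demo--side-effect 'payload-ran))
     x))

(defun demo--show-expansion-executes-code ()
  "Macro-expand the untrusted form and return what the payload did."
  (setq demo--side-effect nil)
  (macroexpand-all demo--untrusted-form)   ; no `eval' here, yet the body runs
  demo--side-effect)                        ; => payload-ran

;; Defence 1: look for expansion-time evaluation *before* expanding anything.
;; This list is a starting point, not an exhaustive inventory of such macros.
(defconst untrusted-elisp--eval-at-expansion-heads
  '(eval-when-compile eval-and-compile)
  "Macros whose expansion evaluates their body.")

(defun untrusted-elisp-find-expansion-time-eval (form)
  "Return the subforms of FORM headed by a macro that runs code at expansion time.
FORM is walked as plain data; nothing is expanded or evaluated."
  (let (found)
    (cl-labels ((walk (f)
                  (when (consp f)
                    (when (memq (car-safe f) untrusted-elisp--eval-at-expansion-heads)
                      (push f found))
                    ;; Walk manually so dotted pairs do not trip `dolist'.
                    (while (consp f)
                      (walk (car f))
                      (setq f (cdr f))))))
      (walk form))
    (nreverse found)))

;; Defence 2: in Elisp buffers whose file is not under a trusted directory,
;; remove the completion function and the byte-compiling Flymake backend
;; that the CVE description names.
(defvar untrusted-elisp-trusted-dirs
  (list (expand-file-name "~/.emacs.d/") (expand-file-name "~/src/"))
  "Directories whose Elisp files are trusted (assumption: adjust locally).")

(defun untrusted-elisp-harden-buffer ()
  "Disable completion and on-the-fly byte-compilation in untrusted Elisp buffers."
  (let ((file (buffer-file-name)))
    (unless (and file
                 (cl-some (lambda (dir) (string-prefix-p dir (expand-file-name file)))
                          untrusted-elisp-trusted-dirs))
      (remove-hook 'completion-at-point-functions #'elisp-completion-at-point t)
      (remove-hook 'flymake-diagnostic-functions #'elisp-flymake-byte-compile t)
      (message "Untrusted Elisp buffer: completion and byte-compile diagnostics disabled"))))

;; Runs after `emacs-lisp-mode' has installed its buffer-local hooks.
(add-hook 'emacs-lisp-mode-hook #'untrusted-elisp-harden-buffer)

;; Usage (evaluate in *scratch* or with M-:):
;;   (demo--show-expansion-executes-code)
;;   ;; => payload-ran
;;   (untrusted-elisp-find-expansion-time-eval demo--untrusted-form)
;;   ;; => ((eval-when-compile (setq demo--side-effect 'payload-ran)))
```

The scan is deliberately a data walk, not a macro expansion: expanding the form to inspect it would itself trigger the problem. The hook only narrows the attack surface named in the description; the proper fix is the upstream change linked in Comment 2 and the erratum packages listed below.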

Comment 2 Jacek Migacz 2025-02-25 14:41:09 UTC
There is an upstream fix addressing this CVE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=b5158bd191422e46273c4d9412f2bf097e2da2e0

Comment 3 errata-xmlrpc 2025-05-12 01:29:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:4787 https://access.redhat.com/errata/RHSA-2025:4787

Comment 4 errata-xmlrpc 2025-05-12 10:00:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2025:4794 https://access.redhat.com/errata/RHSA-2025:4794

Comment 5 errata-xmlrpc 2025-05-12 10:25:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:4793 https://access.redhat.com/errata/RHSA-2025:4793

