CVE-2024-56514 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2024-56514 Interim 1 10 2026-03-05T01:45:24Z current 2025-01-15T00:15:58Z 2026-03-05T01:45:24Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2024-56514 Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an HTTP(s) URL to retrieve the custom resource definitions(CRDs) needed by Karmada. The CRDs are downloaded as a gzipped tarfile and are vulnerable to a TarSlip vulnerability. An attacker able to supply a malicious CRD file into a Karmada initialization could write arbitrary files in arbitrary paths of the filesystem. From Karmada version 1.12.0, when processing custom CRDs files, CRDs archive verification is utilized to enhance file system robustness. A workaround is available. Someone who needs to set flag `--crd` to customize the CRD files required for Karmada initialization when using `karmadactl init` to set up Karmada can manually inspect the CRD files to check whether they contain sequences such as `../` that would alter file paths, to determine if they potentially include malicious files. When using karmada-operator to set up Karmada, one must upgrade one's karmada-operator to one of the fixed versions. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2025-January/020087.html E-Mail link for SUSE-SU-2025:0060-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UV63VQGB6Y3V7AIZHIKF3PMFVIHM32MI/ E-Mail link for openSUSE-SU-2025:14624-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings Container suse/sl-micro/6.0/baremetal-os-container:latest Container suse/sl-micro/6.0/toolbox:latest Image SL-Micro Image SL-Micro-Base Image SL-Micro-Base-RT Image SL-Micro-Base-RT-SelfInstall Image SL-Micro-Base-RT-encrypted Image SL-Micro-Base-SelfInstall Image SL-Micro-Base-encrypted Image SL-Micro-Base-qcow Image SL-Micro-Default Image SL-Micro-Default-SelfInstall Image SL-Micro-Default-encrypted Image SL-Micro-Default-qcow Image SLE-Micro Image SLE-Micro-Azure Image SLE-Micro-BYOS Image SLE-Micro-BYOS-Azure Image SLE-Micro-BYOS-EC2 Image SLE-Micro-BYOS-GCE Image SLE-Micro-EC2 Image SLE-Micro-GCE SUSE Linux Enterprise Server 16.0 openSUSE Tumbleweed govulncheck-vulndb-0.0.20250108T191942-1.1 govulncheck-vulndb-0.0.20250814T182633-160000.1.2 less-633-3.1 sudo-1.9.15p5-slfo.1.1_2.1 less-633-3.1 as a component of Container suse/sl-micro/6.0/baremetal-os-container:latest sudo-1.9.15p5-slfo.1.1_2.1 as a component of Container suse/sl-micro/6.0/baremetal-os-container:latest less-633-3.1 as a component of Container suse/sl-micro/6.0/toolbox:latest sudo-1.9.15p5-slfo.1.1_2.1 as a component of Container suse/sl-micro/6.0/toolbox:latest less-633-3.1 as a component of Image SL-Micro sudo-1.9.15p5-slfo.1.1_2.1 as a component of Image SL-Micro less-633-3.1 as a component of Image SL-Micro-Base sudo-1.9.15p5-slfo.1.1_2.1 as a component of Image SL-Micro-Base less-633-3.1 as a component of Image SL-Micro-Base-RT sudo-1.9.15p5-slfo.1.1_2.1 as a component of Image SL-Micro-Base-RT less-633-3.1 as a component of Image SL-Micro-Base-RT-SelfInstall sudo-1.9.15p5-slfo.1.1_2.1 as a component of Image SL-Micro-Base-RT-SelfInstall less-633-3.1 as a component of Image SL-Micro-Base-RT-encrypted sudo-1.9.15p5-slfo.1.1_2.1 as a component of Image SL-Micro-Base-RT-encrypted less-633-3.1 as a component of Image SL-Micro-Base-SelfInstall sudo-1.9.15p5-slfo.1.1_2.1 as a component of Image SL-Micro-Base-SelfInstall less-633-3.1 as a component of Image SL-Micro-Base-encrypted sudo-1.9.15p5-slfo.1.1_2.1 as a component of Image SL-Micro-Base-encrypted less-633-3.1 as a component of Image SL-Micro-Base-qcow sudo-1.9.15p5-slfo.1.1_2.1 as a component of Image SL-Micro-Base-qcow less-633-3.1 as a component of Image SL-Micro-Default sudo-1.9.15p5-slfo.1.1_2.1 as a component of Image SL-Micro-Default less-633-3.1 as a component of Image SL-Micro-Default-SelfInstall sudo-1.9.15p5-slfo.1.1_2.1 as a component of Image SL-Micro-Default-SelfInstall less-633-3.1 as a component of Image SL-Micro-Default-encrypted sudo-1.9.15p5-slfo.1.1_2.1 as a component of Image SL-Micro-Default-encrypted less-633-3.1 as a component of Image SL-Micro-Default-qcow sudo-1.9.15p5-slfo.1.1_2.1 as a component of Image SL-Micro-Default-qcow less-633-3.1 as a component of Image SLE-Micro sudo-1.9.15p5-slfo.1.1_2.1 as a component of Image SLE-Micro less-633-3.1 as a component of Image SLE-Micro-Azure sudo-1.9.15p5-slfo.1.1_2.1 as a component of Image SLE-Micro-Azure less-633-3.1 as a component of Image SLE-Micro-BYOS sudo-1.9.15p5-slfo.1.1_2.1 as a component of Image SLE-Micro-BYOS less-633-3.1 as a component of Image SLE-Micro-BYOS-Azure sudo-1.9.15p5-slfo.1.1_2.1 as a component of Image SLE-Micro-BYOS-Azure less-633-3.1 as a component of Image SLE-Micro-BYOS-EC2 sudo-1.9.15p5-slfo.1.1_2.1 as a component of Image SLE-Micro-BYOS-EC2 less-633-3.1 as a component of Image SLE-Micro-BYOS-GCE sudo-1.9.15p5-slfo.1.1_2.1 as a component of Image SLE-Micro-BYOS-GCE less-633-3.1 as a component of Image SLE-Micro-EC2 sudo-1.9.15p5-slfo.1.1_2.1 as a component of Image SLE-Micro-EC2 less-633-3.1 as a component of Image SLE-Micro-GCE sudo-1.9.15p5-slfo.1.1_2.1 as a component of Image SLE-Micro-GCE govulncheck-vulndb-0.0.20250814T182633-160000.1.2 as a component of SUSE Linux Enterprise Server 16.0 govulncheck-vulndb-0.0.20250108T191942-1.1 as a component of openSUSE Tumbleweed Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an HTTP(s) URL to retrieve the custom resource definitions(CRDs) needed by Karmada. The CRDs are downloaded as a gzipped tarfile and are vulnerable to a TarSlip vulnerability. An attacker able to supply a malicious CRD file into a Karmada initialization could write arbitrary files in arbitrary paths of the filesystem. From Karmada version 1.12.0, when processing custom CRDs files, CRDs archive verification is utilized to enhance file system robustness. A workaround is available. Someone who needs to set flag `--crd` to customize the CRD files required for Karmada initialization when using `karmadactl init` to set up Karmada can manually inspect the CRD files to check whether they contain sequences such as `../` that would alter file paths, to determine if they potentially include malicious files. When using karmada-operator to set up Karmada, one must upgrade one's karmada-operator to one of the fixed versions. CVE-2024-56514 Container suse/sl-micro/6.0/baremetal-os-container:latest:less-633-3.1 Container suse/sl-micro/6.0/baremetal-os-container:latest:sudo-1.9.15p5-slfo.1.1_2.1 Container suse/sl-micro/6.0/toolbox:latest:less-633-3.1 Container suse/sl-micro/6.0/toolbox:latest:sudo-1.9.15p5-slfo.1.1_2.1 Image SL-Micro:less-633-3.1 Image SL-Micro:sudo-1.9.15p5-slfo.1.1_2.1 Image SL-Micro-Base:less-633-3.1 Image SL-Micro-Base:sudo-1.9.15p5-slfo.1.1_2.1 Image SL-Micro-Base-RT:less-633-3.1 Image SL-Micro-Base-RT:sudo-1.9.15p5-slfo.1.1_2.1 Image SL-Micro-Base-RT-SelfInstall:less-633-3.1 Image SL-Micro-Base-RT-SelfInstall:sudo-1.9.15p5-slfo.1.1_2.1 Image SL-Micro-Base-RT-encrypted:less-633-3.1 Image SL-Micro-Base-RT-encrypted:sudo-1.9.15p5-slfo.1.1_2.1 Image SL-Micro-Base-SelfInstall:less-633-3.1 Image SL-Micro-Base-SelfInstall:sudo-1.9.15p5-slfo.1.1_2.1 Image SL-Micro-Base-VMware:less-633-3.1 Image SL-Micro-Base-VMware:sudo-1.9.15p5-slfo.1.1_2.1 Image SL-Micro-Base-encrypted:less-633-3.1 Image SL-Micro-Base-encrypted:sudo-1.9.15p5-slfo.1.1_2.1 Image SL-Micro-Base-qcow:less-633-3.1 Image SL-Micro-Base-qcow:sudo-1.9.15p5-slfo.1.1_2.1 Image SL-Micro-Default:less-633-3.1 Image SL-Micro-Default:sudo-1.9.15p5-slfo.1.1_2.1 Image SL-Micro-Default-SelfInstall:less-633-3.1 Image SL-Micro-Default-SelfInstall:sudo-1.9.15p5-slfo.1.1_2.1 Image SL-Micro-Default-VMware:less-633-3.1 Image SL-Micro-Default-VMware:sudo-1.9.15p5-slfo.1.1_2.1 Image SL-Micro-Default-encrypted:less-633-3.1 Image SL-Micro-Default-encrypted:sudo-1.9.15p5-slfo.1.1_2.1 Image SL-Micro-Default-qcow:less-633-3.1 Image SL-Micro-Default-qcow:sudo-1.9.15p5-slfo.1.1_2.1 Image SLE-Micro:less-633-3.1 Image SLE-Micro:sudo-1.9.15p5-slfo.1.1_2.1 Image SLE-Micro-Azure:less-633-3.1 Image SLE-Micro-Azure:sudo-1.9.15p5-slfo.1.1_2.1 Image SLE-Micro-BYOS:less-633-3.1 Image SLE-Micro-BYOS:sudo-1.9.15p5-slfo.1.1_2.1 Image SLE-Micro-BYOS-Azure:less-633-3.1 Image SLE-Micro-BYOS-Azure:sudo-1.9.15p5-slfo.1.1_2.1 Image SLE-Micro-BYOS-EC2:less-633-3.1 Image SLE-Micro-BYOS-EC2:sudo-1.9.15p5-slfo.1.1_2.1 Image SLE-Micro-BYOS-GCE:less-633-3.1 Image SLE-Micro-BYOS-GCE:sudo-1.9.15p5-slfo.1.1_2.1 Image SLE-Micro-EC2:less-633-3.1 Image SLE-Micro-EC2:sudo-1.9.15p5-slfo.1.1_2.1 Image SLE-Micro-GCE:less-633-3.1 Image SLE-Micro-GCE:sudo-1.9.15p5-slfo.1.1_2.1 SUSE Linux Enterprise Server 16.0:govulncheck-vulndb-0.0.20250814T182633-160000.1.2 openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250108T191942-1.1 moderate