fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be authorized by "auth sufficient pamfprintd.so" for Sudo. NOTE: the supplier disputes this because they believe issue resolution would involve modifying the PAM configuration to restrict pamfprintd.so to front-ends that implement a proper attention mechanism, not modifying pam_fprintd.so or fprintd.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/37xxx/CVE-2024-37408.json",
"cna_assigner": "mitre",
"isDisputed": true
}