CVE-2024-8996: 
Linux openSUSE vulnerability analysis and mitigation

CVE-2024-8996 is a high-severity vulnerability affecting Grafana Agent (Flow mode) on Windows systems before version 0.43.2. The vulnerability was discovered and disclosed on September 25, 2024, and involves an unquoted search path or element vulnerability that could allow privilege escalation from a local user to SYSTEM level access (Grafana Advisory, NVD).

The vulnerability stems from the Grafana Agent Flow Windows installer not properly enclosing service executable paths in quotes. This implementation flaw is classified as CWE-428 (Unquoted Search Path or Element). The vulnerability has received a CVSS 3.1 base score of 7.3 HIGH (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) from Grafana Labs, while NIST assigned a slightly higher score of 7.8 HIGH (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) (NVD).

The vulnerability allows local users to escalate their privileges to SYSTEM level on Windows machines with Grafana Agent Flow mode installed. A local user could potentially exploit this by creating an executable named 'c:\Program.exe', which would then be executed with elevated privileges instead of the intended Grafana Agent Flow mode service (Grafana Blog).

Grafana Labs recommends completely removing the Grafana Agent Flow mode installation and performing a clean install of version 0.43.3 or later. Simply updating the software will not resolve the issue. Alternatively, administrators can manually add double quotes to the registry entry at Computer\HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\Grafana Agent Flow (Grafana Blog).