Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

UBUNTU-CVE-2024-53920 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceUBUNTU-CVE-2024-53920

UBUNTU-CVE-2024-53920

HIGH7.8

In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that

Published Nov 27, 2024

Modified 2 months ago

Fix available

Details

In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)

Affected Packages(17 packages)

xemacs21

Ubuntu 16.04 LTS

Affected versions:

21.4.22-14ubuntu121.4.22-4ubuntu3

xemacs21-packages

Ubuntu 16.04 LTS

Affected versions:

2009.02.17.dfsg.2-2

xemacs21

Ubuntu 18.04 LTS

Affected versions:

21.4.24-4ubuntu121.4.24-5ubuntu1

xemacs21-packages

Ubuntu 18.04 LTS

Affected versions:

2009.02.17.dfsg.2-4

xemacs21

Ubuntu 20.04 LTS

Affected versions:

21.4.24-8build121.4.24-9

xemacs21-packages

Ubuntu 20.04 LTS

Affected versions:

2009.02.17.dfsg.2-42009.02.17.dfsg.2-5

xemacs21

Ubuntu 22.04 LTS

Affected versions:

21.4.24-9ubuntu2

xemacs21-packages

Ubuntu 22.04 LTS

Affected versions:

2009.02.17.dfsg.2-5

xemacs21

Ubuntu 24.04 LTS

Affected versions:

21.4.24-1221.4.24-12build221.4.24-12build3

xemacs21-packages

Ubuntu 24.04 LTS

Affected versions:

2009.02.17.dfsg.3-22009.02.17.dfsg.3-3

References

https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html

https://git.savannah.gnu.org/cgit/emacs.git/tag/?h=emacs-30.0.92

https://git.savannah.gnu.org/cgit/emacs.git/tree/ChangeLog.4

https://news.ycombinator.com/item?id=42256409

https://ubuntu.com/security/CVE-2024-53920

https://ubuntu.com/security/notices/USN-8011-1

https://www.cve.org/CVERecord?id=CVE-2024-53920

https://yhetil.org/emacs/CAFXAjY5f4YfHAtZur1RAqH34UbYU56_t6t2Er0YEh1Sb7-W=hg%40mail.gmail.com/

CVSS Analysis

CVSS v3.1

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

RequiredUI:R

Scope

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Upstream

Related

Ecosystems(11)

Ubuntu 16.04 LTS Ubuntu 18.04 LTS Ubuntu 20.04 LTS Ubuntu 22.04 LTS Ubuntu 24.04 LTS

Timeline

PublishedNov 27, 2024

ModifiedFeb 10, 2026