oss-sec: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems
https://seclists.org/oss-sec/2024/q3/2
Regression in signal handler.
This vulnerability is exploitable remotely on glibc-based Linux systems, where syslog() itself calls async-signal-unsafe functions (for example, malloc() and free()): an unauthenticated remote code execution as root, because it affects sshd's privileged code, which is not sandboxed and runs with full privileges.