What were you trying to do that didn't work?
Verify that CVE-2024-53920 was remediated across all supported RHEL major versions. EL8 and EL9 have received patches (RHSA-2025:11030 and RHSA-2025:4787 respectively), but EL10 ships emacs-29.4-9.el10 with no fix applied.
What is the impact of this issue to you?
CentOS Stream 10 / RHEL 10 users running emacs are exposed to arbitrary code execution via Lisp macro expansion (CVSS 7.8) when opening untrusted .el files with code completion or on-the-fly byte compilation enabled. This is patched on older releases but not on the newest.
Please provide the package NVR for which the bug is seen:
emacs-29.4-9.el10.x86_64
How reproducible is this bug?:
Always — the vulnerable code path is present in all GNU Emacs versions before 30.1.
Steps to reproduce:
- Install emacs-29.4-9.el10 from CentOS Stream 10
- Open an untrusted .el file with Flymake or elisp-completion-at-point enabled
- Malicious macro expansion executes arbitrary code
Expected results:
emacs on EL10 includes a backport of the CVE-2024-53920 fix, consistent with EL8 and EL9
Actual results:
EL10 ships vulnerable emacs-29.4 with no patch applied
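An added fleet-side check, not part of this report or of the emacs package, that classifies an installed emacs build for this CVE from its NVR and its RPM changelog: "fixed-upstream" at 30.1 or later, "backported" when the changelog cites CVE-2024-53920 (an assumption about how an EL backport is recorded while the version string stays 29.4), otherwise "vulnerable". The NVR emacs-29.4-10.el10 and the changelog excerpts below are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the bug report or the emacs package): classify an
# installed emacs build for CVE-2024-53920 exposure from NVR plus changelog.
CVE_ID="CVE-2024-53920"
FIXED_UPSTREAM="30.1"   # per the report, every upstream version before 30.1 has the code path

# version_lt A B: true when dotted version A sorts numerically before B.
version_lt() {
    a="$1" b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; bi=${b%%.*}
        case "$a" in *.*) a=${a#*.} ;; *) a="" ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b="" ;; esac
        [ "${ai:-0}" -lt "${bi:-0}" ] && return 0
        [ "${ai:-0}" -gt "${bi:-0}" ] && return 1
    done
    return 1
}

# upstream_version NVR: "emacs-29.4-9.el10.x86_64" -> "29.4"
upstream_version() {
    v=${1#emacs-}
    printf '%s\n' "${v%%-*}"
}

# backport_recorded CHANGELOG_TEXT: true when the changelog cites the CVE id
# (assumed convention for a distro backport that keeps the upstream version).
backport_recorded() {
    case "$1" in *"$CVE_ID"*) return 0 ;; *) return 1 ;; esac
}

# assess NVR CHANGELOG_TEXT: prints fixed-upstream, backported or vulnerable.
assess() {
    ver=$(upstream_version "$1")
    if ! version_lt "$ver" "$FIXED_UPSTREAM"; then
        echo fixed-upstream
    elif backport_recorded "$2"; then
        echo backported
    else
        echo vulnerable
    fi
}

# Constructed changelog excerpts (not real package changelogs).
CL_NO_FIX='- Rebuild for EL10'
CL_WITH_FIX="- Backport fix for $CVE_ID (hypothetical entry)"

# The NVR from the report, with a changelog that never mentions the CVE:
assess emacs-29.4-9.el10.x86_64 "$CL_NO_FIX"          # vulnerable
```

On a real host, run `assess "$(rpm -q emacs)" "$(rpm -q --changelog emacs)"`; a result of "backported" on EL10 would correspond to the expected state this report asks for.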