Visual Studio Code for Linux Remote Code Execution Vulnerability

There is a security vulnerability in the save elevated flow with specially crafted workspaces.

Patches

The fix is available starting with VS Code 1.94.1. The fix is: 28000df

Workarounds

Do not use the flow in VS Code to save as elevated user, especially in workspaces you do not trust.

References

• The patch for this can be found at 28000df
• MSRC details for this can be found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43601
• Security advisory: GHSA-g56j-w527-8x6f