1.9 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.6 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.3%
Issue Overview:
A flaw was found in the Linux kernel’s util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an “INPUTRC” environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. (CVE-2022-0563)
Affected Packages:
util-linux
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update util-linux to update your system.
New Packages:
aarch64:
util-linux-2.30.2-2.amzn2.0.10.aarch64
libfdisk-2.30.2-2.amzn2.0.10.aarch64
libfdisk-devel-2.30.2-2.amzn2.0.10.aarch64
libsmartcols-2.30.2-2.amzn2.0.10.aarch64
libsmartcols-devel-2.30.2-2.amzn2.0.10.aarch64
libmount-2.30.2-2.amzn2.0.10.aarch64
libmount-devel-2.30.2-2.amzn2.0.10.aarch64
libblkid-2.30.2-2.amzn2.0.10.aarch64
libblkid-devel-2.30.2-2.amzn2.0.10.aarch64
libuuid-2.30.2-2.amzn2.0.10.aarch64
libuuid-devel-2.30.2-2.amzn2.0.10.aarch64
uuidd-2.30.2-2.amzn2.0.10.aarch64
python-libmount-2.30.2-2.amzn2.0.10.aarch64
util-linux-user-2.30.2-2.amzn2.0.10.aarch64
util-linux-debuginfo-2.30.2-2.amzn2.0.10.aarch64
i686:
util-linux-2.30.2-2.amzn2.0.10.i686
libfdisk-2.30.2-2.amzn2.0.10.i686
libfdisk-devel-2.30.2-2.amzn2.0.10.i686
libsmartcols-2.30.2-2.amzn2.0.10.i686
libsmartcols-devel-2.30.2-2.amzn2.0.10.i686
libmount-2.30.2-2.amzn2.0.10.i686
libmount-devel-2.30.2-2.amzn2.0.10.i686
libblkid-2.30.2-2.amzn2.0.10.i686
libblkid-devel-2.30.2-2.amzn2.0.10.i686
libuuid-2.30.2-2.amzn2.0.10.i686
libuuid-devel-2.30.2-2.amzn2.0.10.i686
uuidd-2.30.2-2.amzn2.0.10.i686
python-libmount-2.30.2-2.amzn2.0.10.i686
util-linux-user-2.30.2-2.amzn2.0.10.i686
util-linux-debuginfo-2.30.2-2.amzn2.0.10.i686
src:
util-linux-2.30.2-2.amzn2.0.10.src
x86_64:
util-linux-2.30.2-2.amzn2.0.10.x86_64
libfdisk-2.30.2-2.amzn2.0.10.x86_64
libfdisk-devel-2.30.2-2.amzn2.0.10.x86_64
libsmartcols-2.30.2-2.amzn2.0.10.x86_64
libsmartcols-devel-2.30.2-2.amzn2.0.10.x86_64
libmount-2.30.2-2.amzn2.0.10.x86_64
libmount-devel-2.30.2-2.amzn2.0.10.x86_64
libblkid-2.30.2-2.amzn2.0.10.x86_64
libblkid-devel-2.30.2-2.amzn2.0.10.x86_64
libuuid-2.30.2-2.amzn2.0.10.x86_64
libuuid-devel-2.30.2-2.amzn2.0.10.x86_64
uuidd-2.30.2-2.amzn2.0.10.x86_64
python-libmount-2.30.2-2.amzn2.0.10.x86_64
util-linux-user-2.30.2-2.amzn2.0.10.x86_64
util-linux-debuginfo-2.30.2-2.amzn2.0.10.x86_64
Red Hat: CVE-2022-0563
Mitre: CVE-2022-0563
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 2 | aarch64 | util-linux | < 2.30.2-2.amzn2.0.10 | util-linux-2.30.2-2.amzn2.0.10.aarch64.rpm |
Amazon Linux | 2 | aarch64 | libfdisk | < 2.30.2-2.amzn2.0.10 | libfdisk-2.30.2-2.amzn2.0.10.aarch64.rpm |
Amazon Linux | 2 | aarch64 | libfdisk-devel | < 2.30.2-2.amzn2.0.10 | libfdisk-devel-2.30.2-2.amzn2.0.10.aarch64.rpm |
Amazon Linux | 2 | aarch64 | libsmartcols | < 2.30.2-2.amzn2.0.10 | libsmartcols-2.30.2-2.amzn2.0.10.aarch64.rpm |
Amazon Linux | 2 | aarch64 | libsmartcols-devel | < 2.30.2-2.amzn2.0.10 | libsmartcols-devel-2.30.2-2.amzn2.0.10.aarch64.rpm |
Amazon Linux | 2 | aarch64 | libmount | < 2.30.2-2.amzn2.0.10 | libmount-2.30.2-2.amzn2.0.10.aarch64.rpm |
Amazon Linux | 2 | aarch64 | libmount-devel | < 2.30.2-2.amzn2.0.10 | libmount-devel-2.30.2-2.amzn2.0.10.aarch64.rpm |
Amazon Linux | 2 | aarch64 | libblkid | < 2.30.2-2.amzn2.0.10 | libblkid-2.30.2-2.amzn2.0.10.aarch64.rpm |
Amazon Linux | 2 | aarch64 | libblkid-devel | < 2.30.2-2.amzn2.0.10 | libblkid-devel-2.30.2-2.amzn2.0.10.aarch64.rpm |
Amazon Linux | 2 | aarch64 | libuuid | < 2.30.2-2.amzn2.0.10 | libuuid-2.30.2-2.amzn2.0.10.aarch64.rpm |
1.9 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.6 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.3%