CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
AI Score
Confidence
High
EPSS
Percentile
59.9%
When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn’t also set the effective group id. So when it creates the new version, mtab.tmp, it’s created with the group id of the user running mount.ecryptfs_private.
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
AI Score
Confidence
High
EPSS
Percentile
59.9%