Firejail is vulnerable to privilege escalation. The vulnerability exists due to a Privilege Context Switching issue: an attacker can craft a bogus Firejail container that the Firejail setuid-root program accepts as a join target. This allows a local attacker to enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker’s control.
firejail.wordpress.com/download-2/release-notes/
lists.debian.org/debian-lts-announce/2022/06/msg00023.html
lists.fedoraproject.org/archives/list/[email protected]/message/6RZOTZ36RUSL6DOVHITY25ZYKWTG5HN3/
lists.fedoraproject.org/archives/list/[email protected]/message/KUZZ5M6LIBYRKTKGROXC47TDC3FRTGJF/
lists.fedoraproject.org/archives/list/[email protected]/message/SIBEBE3KFINMGJATBQQS7D2VQQ62ZVMF/
security-tracker.debian.org/tracker/CVE-2022-31214
security.gentoo.org/glsa/202305-19
www.debian.org/security/2022/dsa-5167
www.openwall.com/lists/oss-security/2022/06/08/10