Lucene search

K

Veracode Vulnerability DatabaseVERACODE:35967

HistoryJun 13, 2022 - 2:16 p.m.

Privilege Escalation

2022-06-1314:16:28

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

11

firejail

privilege escalation

vulnerability

linux user namespace

software

EPSS

0

Percentile

5.1%

firejail is vulnerable to privilege escalation. The vulnerability exists due to a Privilege Context Switching issue allowing an attacker to craft a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target allowing a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace with NO_NEW_PRIVS prctl unactivated, and the entered mount namespace is under the attacker’s control.

References

firejail.wordpress.com/download-2/release-notes/

lists.debian.org/debian-lts-announce/2022/06/msg00023.html

lists.fedoraproject.org/archives/list/[email protected]/message/6RZOTZ36RUSL6DOVHITY25ZYKWTG5HN3/

lists.fedoraproject.org/archives/list/[email protected]/message/KUZZ5M6LIBYRKTKGROXC47TDC3FRTGJF/

lists.fedoraproject.org/archives/list/[email protected]/message/SIBEBE3KFINMGJATBQQS7D2VQQ62ZVMF/

security-tracker.debian.org/tracker/CVE-2022-31214

security.gentoo.org/glsa/202305-19

www.debian.org/security/2022/dsa-5167

www.openwall.com/lists/oss-security/2022/06/08/10

EPSS

0

Percentile

5.1%

Related for VERACODE:35967

debiancve1 openvas7 osv3 fedora3 suse2 cve1 nessus4 mageia1 altlinux1 ubuntucve1 gentoo1 prion1 debian2 cvelist1 nvd1