CVE-2022-31214
CVSS V2 High 7.2
CVSS V3 High 7.8
Description
A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker's control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo.
Overview
- CVE ID
- CVE-2022-31214
- Assigner
- cve@mitre.org
- Vulnerability Status
- Analyzed
- Published Version
- 2022-06-09T16:15:08
- Last Modified Date
- 2022-10-27T16:15:41
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:firejail_project:firejail:0.9.68:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:L/AC:L/Au:N/C:C/I:C/A:C
- Access Vector
- LOCAL
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- COMPLETE
- Integrity Impact
- COMPLETE
- Availability Impact
- COMPLETE
- Base Score
- 7.2
- Severity
- HIGH
- Exploitability Score
- 3.9
- Impact Score
- 10
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Attack Vector
- LOCAL
- Attack Compatibility
- LOW
- Privileges Required
- LOW
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- HIGH
- Availability Impact
- HIGH
- Base Score
- 7.8
- Base Severity
- HIGH
- Exploitability Score
- 1.8
- Impact Score
- 5.9
References
| Reference URL | Reference Tags |
|---|---|
| https://firejail.wordpress.com/download-2/release-notes/ | Release Notes Third Party Advisory |
| https://lists.debian.org/debian-lts-announce/2022/06/msg00023.html | Mailing List Third Party Advisory |
| https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RZOTZ36RUSL6DOVHITY25ZYKWTG5HN3/ | Mailing List Third Party Advisory |
| https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUZZ5M6LIBYRKTKGROXC47TDC3FRTGJF/ | Mailing List Third Party Advisory |
| https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIBEBE3KFINMGJATBQQS7D2VQQ62ZVMF/ | Mailing List Third Party Advisory |
| https://www.debian.org/security/2022/dsa-5167 | Third Party Advisory |
| https://www.openwall.com/lists/oss-security/2022/06/08/10 | Mailing List Patch Third Party Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-31214 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31214 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-06-09 17:00:07 | Added to TrackCVE |