The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoint path and if the system administrator happens to be using the fscrypt bash completion script to complete mountpoint paths. We recommend upgrading to version 0.3.3 or above
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/google/fscrypt/pull/346 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: Google
Published: 2022-02-25T11:00:15.758184Z
Updated: 2024-09-16T18:44:12.219Z
Reserved: 2022-02-18T00:00:00
Link: CVE-2022-25328
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-02-25T11:15:08.120
Modified: 2024-11-21T06:52:00.670
Link: CVE-2022-25328
Redhat
No data.