The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam).
[
  {
    "product": "fscrypt",
    "vendor": "The fscrypt Project",
    "versions": [
      {
        "status": "affected",
        "version": "before 0.2.4"
      }
    ]
  }
]