CVE-2022-31214

2022-06-0916:15:00

Debian Security Bug Tracker

security-tracker.debian.org

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker’s control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo.

OSVersionArchitecturePackageVersionFilename
Debian12allfirejail< 0.9.68-4firejail_0.9.68-4_all.deb
Debian11allfirejail< 0.9.64.4-2+deb11u1firejail_0.9.64.4-2+deb11u1_all.deb
Debian10allfirejail< 0.9.58.2-2+deb10u3firejail_0.9.58.2-2+deb10u3_all.deb
Debian999allfirejail< 0.9.68-4firejail_0.9.68-4_all.deb
Debian13allfirejail< 0.9.68-4firejail_0.9.68-4_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	firejail	< 0.9.68-4	firejail_0.9.68-4_all.deb
Debian	11	all	firejail	< 0.9.64.4-2+deb11u1	firejail_0.9.64.4-2+deb11u1_all.deb
Debian	10	all	firejail	< 0.9.58.2-2+deb10u3	firejail_0.9.58.2-2+deb10u3_all.deb
Debian	999	all	firejail	< 0.9.68-4	firejail_0.9.68-4_all.deb
Debian	13	all	firejail	< 0.9.68-4	firejail_0.9.68-4_all.deb