The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam).
CPE | Name | Operator | Version |
---|---|---|---|
github.com/google/fscrypt | lt | 0.2.4 |