CVE-2022-1348

🗓️ 25 May 2022 00:00:00Reported by ubuntu.comType

A vulnerability found in logrotate allows unprivileged users to stop log rotation by locking the world-readable state file. Affects logrotate versions before 3.20.0 and logrotate >= 3.17.0

Reporter	Title	Published	Views	Family All 61
Tenable Nessus	Amazon Linux 2022 : logrotate (ALAS2022-2022-084)	6 Sep 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2022 : logrotate (ALAS2022-2022-095)	6 Sep 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2022 : logrotate (ALAS2022-2022-189)	4 Nov 202200:00	–	nessus
Tenable Nessus	AlmaLinux 9 : logrotate (ALSA-2022:8393)	18 Nov 202200:00	–	nessus
Tenable Nessus	MiracleLinux 9 : logrotate-3.18.0-7.el9 (AXSA:2023-4595:01)	20 Jan 202600:00	–	nessus
Tenable Nessus	Oracle Linux 9 : logrotate (ELSA-2022-8393)	22 Nov 202200:00	–	nessus
Tenable Nessus	Photon OS 4.0: Logrotate PHSA-2023-4.0-0349	23 Jul 202400:00	–	nessus
Tenable Nessus	RHEL 9 : logrotate (RHSA-2022:8393)	16 Nov 202200:00	–	nessus
Tenable Nessus	Rocky Linux 9 : logrotate (RLSA-2022:8393)	7 Nov 202300:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 Security Update : logrotate (SUSE-SU-2022:2396-1)	15 Jul 202200:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	21.10	any	logrotate	3.18.0-2ubuntu1.1	logrotate_3.18.0-2ubuntu1.1_any.deb
Ubuntu	22.04	any	logrotate	3.19.0-1ubuntu1.1	logrotate_3.19.0-1ubuntu1.1_any.deb
Ubuntu	22.10	any	logrotate	3.20.1-1ubuntu1	logrotate_3.20.1-1ubuntu1_any.deb

Source	Link
github	www.github.com/logrotate/logrotate/blame/master/logrotate.c
github	www.github.com/logrotate/logrotate/commit/f46d0bdfc9c53515c13880c501f4d2e1e7dd8b25
ubuntu	www.ubuntu.com/security/notices/USN-5447-1
cve	www.cve.org/CVERecord

25 Aug 2025 23:48Current

6.5Medium risk

Vulners AI Score6.5

CVSS 24

CVSS 3.16.5

EPSS0.0149

SSVC