5.3 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
webkit2gtk is vulnerable to privilege escalation. The vulnerability exists due to a VFS syscalls that manipulate its filesystem namespace that allows an attacker to escalate its privilege.
www.openwall.com/lists/oss-security/2021/10/26/9
www.openwall.com/lists/oss-security/2021/10/27/1
www.openwall.com/lists/oss-security/2021/10/27/2
www.openwall.com/lists/oss-security/2021/10/27/4
bugs.webkit.org/show_bug.cgi?id=231479
github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
lists.fedoraproject.org/archives/list/[email protected]/message/H6MGXCX7P5AHWOQ6IRT477UKT7IS4DAD/
lists.fedoraproject.org/archives/list/[email protected]/message/M5J2LZQTDX53DNSKSGU7TQYCO2HKSTY4/
lists.fedoraproject.org/archives/list/[email protected]/message/ON5SDVVPVPCAGFPW2GHYATZVZYLPW2L4/
secdb.alpinelinux.org/edge/community.yaml
www.debian.org/security/2021/dsa-4995
www.debian.org/security/2021/dsa-4996
5.3 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P