7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.7%
firejail is vulnerable to privilege escalation. The vulnerability exists due to a Privilege Context Switching issue allowing an attacker to craft a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target allowing a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace with NO_NEW_PRIVS prctl unactivated, and the entered mount namespace is under the attacker’s control.
firejail.wordpress.com/download-2/release-notes/
lists.debian.org/debian-lts-announce/2022/06/msg00023.html
lists.fedoraproject.org/archives/list/[email protected]/message/6RZOTZ36RUSL6DOVHITY25ZYKWTG5HN3/
lists.fedoraproject.org/archives/list/[email protected]/message/KUZZ5M6LIBYRKTKGROXC47TDC3FRTGJF/
lists.fedoraproject.org/archives/list/[email protected]/message/SIBEBE3KFINMGJATBQQS7D2VQQ62ZVMF/
security-tracker.debian.org/tracker/CVE-2022-31214
security.gentoo.org/glsa/202305-19
www.debian.org/security/2022/dsa-5167
www.openwall.com/lists/oss-security/2022/06/08/10
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.7%