Vulnerability Details : CVE-2022-1117
A vulnerability was found in fapolicyd. It stems from an assumption about how glibc names the runtime linker: a build-time regular expression may not correctly detect the runtime linker. As a consequence, the pattern detection for applications launched through the runtime linker may fail and allow execution.
Products affected by CVE-2022-1117
- cpe:2.3:a:fapolicyd_project:fapolicyd:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-1117
- 0.10%: Probability of exploitation activity in the next 30 days
- ~ 40 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-1117
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.4 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.5 | 5.9 | NIST | |
CWE ids for CVE-2022-1117
- The product makes files or directories accessible to unauthorized actors, even though they should not be.
  Assigned by:
  - nvd@nist.gov (Secondary)
  - secalert@redhat.com (Primary)
References for CVE-2022-1117
- https://bugzilla.redhat.com/show_bug.cgi?id=2066904
  Bug Access Denied (Permissions Required; Third Party Advisory)
- https://access.redhat.com/security/cve/CVE-2022-1117
  CVE-2022-1117 - Red Hat Customer Portal (Third Party Advisory)
- https://github.com/linux-application-whitelisting/fapolicyd/commit/38a942613f93824c53164730b2b7a2f75b8cd263
  Fix for CVE-2022-1117 · linux-application-whitelisting/fapolicyd@38a9426 · GitHub (Patch; Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2068171
  2068171 – (CVE-2022-1117) CVE-2022-1117 fapolicyd: fapolicyd wrongly prepares ld.so path (Issue Tracking; Third Party Advisory)