Vulnerability Details: CVE-2022-31214
A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker's control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo.
Products affected by CVE-2022-31214
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
- cpe:2.3:a:firejail_project:firejail:0.9.68:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-31214
- 0.04%: Probability of exploitation activity in the next 30 days
- ~6%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-31214
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2022-31214
- The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-31214
- https://security.gentoo.org/glsa/202305-19
  Firejail: Local Privilege Escalation (GLSA 202305-19) — Gentoo security
- https://firejail.wordpress.com/download-2/release-notes/
  Release Notes | Firejail (Release Notes; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RZOTZ36RUSL6DOVHITY25ZYKWTG5HN3/
  [SECURITY] Fedora 35 Update: firejail-0.9.70-1.fc35 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIBEBE3KFINMGJATBQQS7D2VQQ62ZVMF/
  [SECURITY] Fedora 37 Update: firejail-0.9.70-1.fc37 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://www.openwall.com/lists/oss-security/2022/06/08/10
  oss-security - firejail: local root exploit reachable via --join logic (CVE-2022-31214) (Mailing List; Patch; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUZZ5M6LIBYRKTKGROXC47TDC3FRTGJF/
  [SECURITY] Fedora 36 Update: firejail-0.9.70-1.fc36 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2022/06/msg00023.html
  [SECURITY] [DLA 3061-1] firejail security update (Mailing List; Third Party Advisory)
- https://www.debian.org/security/2022/dsa-5167
  Debian -- Security Information -- DSA-5167-1 firejail (Third Party Advisory)