CVE-2022-31214
First published: Wed Jun 08 2022(Updated: )
A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker's control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firejail Project Firejail | =0.9.68 | |
| Fedoraproject Fedora | =35 | |
| Fedoraproject Fedora | =36 | |
| Fedoraproject Fedora | =37 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| debian/firejail | <=0.9.68-3<=0.9.64.4-2 | 0.9.68-4 0.9.64.4-2+deb11u1 0.9.58.2-2+deb10u3 |
| debian/firejail | 0.9.58.2-2+deb10u3 0.9.64.4-2+deb11u1 0.9.72-2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://firejail.wordpress.com/download-2/release-notes/
- https://lists.debian.org/debian-lts-announce/2022/06/msg00023.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RZOTZ36RUSL6DOVHITY25ZYKWTG5HN3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUZZ5M6LIBYRKTKGROXC47TDC3FRTGJF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIBEBE3KFINMGJATBQQS7D2VQQ62ZVMF/
- https://security.gentoo.org/glsa/202305-19
- https://www.debian.org/security/2022/dsa-5167
- https://www.openwall.com/lists/oss-security/2022/06/08/10
- https://security-tracker.debian.org/tracker/CVE-2022-31214
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31214
- https://github.com/netblue30/firejail/commit/27cde3d7d1e4e16d4190932347c7151dc2a84c50
- https://github.com/netblue30/firejail/commit/dab835e7a0eb287822016f5ae4e87f46e1d363e7
- https://github.com/netblue30/firejail/commit/1884ea22a90d225950d81c804f1771b42ae55f54
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012510
- https://github.com/netblue30/firejail/commit/04ff0edf74395ddcbbcec955279c74ed9a6c0f86
- https://github.com/netblue30/firejail/files/8913178/CVE-2022-31214.zip
Frequently Asked Questions
What is CVE-2022-31214?
CVE-2022-31214 is a Privilege Context Switching issue discovered in join.c in Firejail 0.9.68.
How does CVE-2022-31214 impact Firejail?
CVE-2022-31214 allows a local attacker to enter an environment where the Linux user namespace is still the initial user namespace.
What is the severity of CVE-2022-31214?
CVE-2022-31214 has a severity rating of 7.8 (high).
Which software versions are affected by CVE-2022-31214?
Firejail version 0.9.68 is affected by CVE-2022-31214.
How can I fix CVE-2022-31214?
To fix CVE-2022-31214, update Firejail to version 0.9.68-4 or later.
- collector/nvd-index
- collector/debian-bugs
- alias/CVE-2022-31214
- collector/security-tracker-debian
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- vendor/firejail project
- canonical/firejail project firejail
- version/firejail project firejail/0.9.68
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/35
- version/fedoraproject fedora/36
- version/fedoraproject fedora/37
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- package-manager/debian