First published: Wed Jun 08 2022
A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker's control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo.
Credit: cve@mitre.org
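
The description names two properties of the environment an attacker ends up in: the initial user namespace and NO_NEW_PRIVS not being active. As an added example (not part of the advisory or of Firejail's code), this Python script checks both for a process by reading /proc; the function names and sample inputs are constructed for illustration, and the uid_map test is a heuristic.

```python
"""Audit a process for the two properties named in the CVE-2022-31214 description."""

FULL_RANGE = "4294967295"  # length of the identity mapping shown in the initial user namespace


def no_new_privs(status_text):
    """Return True/False from the NoNewPrivs field of /proc/<pid>/status, None if absent."""
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key == "NoNewPrivs":
            return value.strip() == "1"
    return None  # kernels older than 4.10 do not expose the field


def looks_like_initial_userns(uid_map_text):
    """Heuristic: the initial user namespace shows one row, '0 0 4294967295'."""
    rows = [line.split() for line in uid_map_text.splitlines() if line.strip()]
    return len(rows) == 1 and rows[0] == ["0", "0", FULL_RANGE]


def audit(status_text, uid_map_text):
    """Return a list of findings; an empty list means both protections are in place."""
    findings = []
    if no_new_privs(status_text) is not True:
        findings.append("NO_NEW_PRIVS not set: setuid-root binaries keep their effect")
    if looks_like_initial_userns(uid_map_text):
        findings.append("identity uid_map: process appears to be in the initial user namespace")
    return findings


def audit_pid(pid="self"):
    """Run the audit against a live process (Linux only)."""
    with open(f"/proc/{pid}/status") as s, open(f"/proc/{pid}/uid_map") as u:
        return audit(s.read(), u.read())


# Constructed sample inputs, not captured from a real system.
SAMPLE_STATUS_WEAK = "Name:\tbash\nUid:\t1000\t1000\t1000\t1000\nNoNewPrivs:\t0\n"
SAMPLE_UIDMAP_INIT = "         0          0 4294967295\n"
SAMPLE_STATUS_HARD = "Name:\tbash\nNoNewPrivs:\t1\n"
SAMPLE_UIDMAP_USERNS = "         0       1000          1\n"

if __name__ == "__main__":
    for finding in audit_pid():
        print("WARN:", finding)
```

Run inside a sandboxed shell, an empty result means the process has NO_NEW_PRIVS set and is not in the initial user namespace; whether a given Firejail profile is expected to provide both depends on its configuration.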
Affected Software | Affected Version | How to fix |
---|---|---|
Firejail Project Firejail | =0.9.68 | |
Fedoraproject Fedora | =35 | |
Fedoraproject Fedora | =36 | |
Fedoraproject Fedora | =37 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
debian/firejail | <=0.9.68-3, <=0.9.64.4-2 | 0.9.68-4, 0.9.64.4-2+deb11u1, 0.9.58.2-2+deb10u3 |
debian/firejail | 0.9.58.2-2+deb10u3 0.9.64.4-2+deb11u1 0.9.72-2 |
CVE-2022-31214 is a Privilege Context Switching issue discovered in join.c in Firejail 0.9.68.
CVE-2022-31214 allows a local attacker to enter an environment where the Linux user namespace is still the initial user namespace.
CVE-2022-31214 has a severity rating of 7.8 (high).
Firejail version 0.9.68 is affected by CVE-2022-31214.
To fix CVE-2022-31214, update Firejail to version 0.9.68-4 or later.