PT-2022-17215 · Fscrypt+2

Matthias Gerstner · Published 2022-02-25 · Updated 2024-08-21 · CVE-2022-25327

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: fscrypt versions prior to 0.3.3

Description: The PAM module for fscrypt does not adequately validate fscrypt metadata files. A local user can create a malicious metadata file that prevents other users from logging into the system, causing a denial of service.

Recommendations: For versions prior to 0.3.3, we recommend upgrading to version 0.3.3 or above. As a temporary workaround, consider restricting who can create fscrypt metadata files to minimize the risk of exploitation.

Fix

DoS

Incorrect Default Permissions


Weakness Enumeration

Related Identifiers

ALT-PU-2023-1941
CVE-2022-25327
GHSA-8VWM-8VJ8-RQJF
GHSA-P93V-M2R2-4387
GO-2022-0340
OPENSUSE-SU-2024:11902-1

Affected Products

Alt Linux
Debian
Fscrypt