Name of the Vulnerable Software and Affected Versions:

Enlightenment versions prior to 0.25.4

Description:

The issue is related to the Enlightenment window manager's system file, specifically with the `enlightenment sys` component. It is setuid root and mishandles pathnames that begin with a `/dev/..` substring, allowing local users to gain privileges. This can lead to privilege escalation, potentially giving an attacker root privileges. The exploit has been tested on Ubuntu 22.04 but is expected to work on other distributions as well.

Recommendations:

For versions prior to 0.25.4, update to version 0.25.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the `enlightenment sys` component until a patch is available. Avoid using pathnames that begin with a `/dev/..` substring in the affected system library function.