CVE-2022-1117

high

Description

A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker, a build time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by the run time linker may fail to detect the pattern and allow execution.

References

Advisories

https://github.com/linux-application-whitelisting/fapolicyd/commit/38a942613f93824c53164730b2b7a2f75b8cd263

https://bugzilla.redhat.com/show_bug.cgi?id=2068171

https://bugzilla.redhat.com/show_bug.cgi?id=2066904

https://access.redhat.com/security/cve/CVE-2022-1117

Details

Source: Mitre, NVD

Published: 2022-08-29

Updated: 2023-02-12

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.4

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00026