Upstream information

CVE-2022-31214 at MITRE

Description

A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker's control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 7.2
Vector AV:L/AC:L/Au:N/C:C/I:C/A:C
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
CVSS v3 Scores
  National Vulnerability Database
Base Score 7.8
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Access Vector Local
Access Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact High
CVSSv3 Version 3.1
SUSE Bugzilla entry: 1199148 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Package Hub 15 SP3
  • firejail >= 0.9.70-bp153.2.6.1
Patchnames:
openSUSE-2022-10015
SUSE Package Hub 15 SP4
  • firejail >= 0.9.70-bp154.2.3.1
  • firejail-bash-completion >= 0.9.70-bp154.2.3.1
  • firejail-zsh-completion >= 0.9.70-bp154.2.3.1
Patchnames:
openSUSE-2022-10016
openSUSE Leap 15.3
  • firejail >= 0.9.70-bp153.2.6.1
Patchnames:
openSUSE-2022-10015
openSUSE Leap 15.4
  • firejail >= 0.9.70-bp154.2.3.1
  • firejail-bash-completion >= 0.9.70-bp154.2.3.1
  • firejail-zsh-completion >= 0.9.70-bp154.2.3.1
Patchnames:
openSUSE-2022-10016
openSUSE Tumbleweed
  • firejail >= 0.9.68-3.1
  • firejail-bash-completion >= 0.9.68-3.1
  • firejail-zsh-completion >= 0.9.68-3.1
Patchnames:
openSUSE Tumbleweed GA firejail-0.9.68-3.1