Privilege escalation through command injection in fscrypt
CVE-2022-25328

5MEDIUM

Key Information:

Vendor: Google
Status: Fscrypt
Vendor: CVE Published:; 25 February 2022

What is CVE-2022-25328?

The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoint path and if the system administrator happens to be using the fscrypt bash completion script to complete mountpoint paths. We recommend upgrading to version 0.3.3 or above

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

fscrypt <= 0.3.2

References

https://github.com/google/fscrypt/pull/346

x_refsource_MISC

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 25, 2022
Vulnerability Reserved
Feb 18, 2022

Credit

Matthias Gerstner of SUSE

JSON

Google

What is CVE-2022-25328?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.