CVE-2022-31214 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2022-31214 Interim 1 8 2025-02-16T03:02:07Z current 2022-06-09T23:46:45Z 2025-02-16T03:02:07Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2022-31214 A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker's control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Y44WP6HYFSMERMHYQLJJNHIWG34P4MU4/ E-Mail link for openSUSE-SU-2022:10015-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BANQSQMV546D7IN75266REGOZOIGQEUH/ E-Mail link for openSUSE-SU-2022:10016-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 15 SP3 SUSE Package Hub 15 SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Tumbleweed firejail-0.9.68-3.1 firejail-0.9.70-bp153.2.6.1 firejail-0.9.70-bp154.2.3.1 firejail-bash-completion-0.9.68-3.1 firejail-bash-completion-0.9.70-bp154.2.3.1 firejail-zsh-completion-0.9.68-3.1 firejail-zsh-completion-0.9.70-bp154.2.3.1 firejail-0.9.70-bp153.2.6.1 as a component of SUSE Package Hub 15 SP3 firejail-0.9.70-bp154.2.3.1 as a component of SUSE Package Hub 15 SP4 firejail-bash-completion-0.9.70-bp154.2.3.1 as a component of SUSE Package Hub 15 SP4 firejail-zsh-completion-0.9.70-bp154.2.3.1 as a component of SUSE Package Hub 15 SP4 firejail-0.9.70-bp153.2.6.1 as a component of openSUSE Leap 15.3 firejail-0.9.70-bp154.2.3.1 as a component of openSUSE Leap 15.4 firejail-bash-completion-0.9.70-bp154.2.3.1 as a component of openSUSE Leap 15.4 firejail-zsh-completion-0.9.70-bp154.2.3.1 as a component of openSUSE Leap 15.4 firejail-0.9.68-3.1 as a component of openSUSE Tumbleweed firejail-bash-completion-0.9.68-3.1 as a component of openSUSE Tumbleweed firejail-zsh-completion-0.9.68-3.1 as a component of openSUSE Tumbleweed A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker's control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo. CVE-2022-31214 SUSE Package Hub 15 SP3:firejail-0.9.70-bp153.2.6.1 SUSE Package Hub 15 SP4:firejail-0.9.70-bp154.2.3.1 SUSE Package Hub 15 SP4:firejail-bash-completion-0.9.70-bp154.2.3.1 SUSE Package Hub 15 SP4:firejail-zsh-completion-0.9.70-bp154.2.3.1 openSUSE Leap 15.3:firejail-0.9.70-bp153.2.6.1 openSUSE Leap 15.4:firejail-0.9.70-bp154.2.3.1 openSUSE Leap 15.4:firejail-bash-completion-0.9.70-bp154.2.3.1 openSUSE Leap 15.4:firejail-zsh-completion-0.9.70-bp154.2.3.1 openSUSE Tumbleweed:firejail-0.9.68-3.1 openSUSE Tumbleweed:firejail-bash-completion-0.9.68-3.1 openSUSE Tumbleweed:firejail-zsh-completion-0.9.68-3.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H