Candidate: CVE-2022-25326
PublicDate: 2022-02-25 11:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25326
 https://www.openwall.com/lists/oss-security/2022/02/24/1
 https://github.com/google/fscrypt/commit/6e355131670ad014e45f879475ddf800f0080d41
Description:
 fscrypt through v0.3.2 creates a world-writable directory by default when
 setting up a filesystem, allowing unprivileged users to exhaust filesystem
 space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the
 permissions on existing fscrypt metadata directories where applicable.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [5.5 MEDIUM]


Patches_fscrypt:
 upstream: https://github.com/google/fscrypt/commit/6e355131670ad014e45f879475ddf800f0080d41
upstream_fscrypt: released (0.3.3)
trusty_fscrypt: ignored (out of standard support)
xenial_fscrypt: ignored (out of standard support)
bionic_fscrypt: needed
focal_fscrypt: needed
impish_fscrypt: needed
jammy_fscrypt: not-affected (0.3.3-1)
devel_fscrypt: not-affected (0.3.3-1)