Candidate: CVE-2018-6558
CRD: 2018-08-23 17:00:00 UTC
PublicDate: 2018-08-23 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6558
Description:
 The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore
 primary and supplementary group IDs to the values associated with the root
 user, which allows attackers to gain privileges via a successful login
 through certain applications that use Linux-PAM (aka pam).
Ubuntu-Description:
Notes:
Bugs:
 https://launchpad.net/bugs/1787548
 https://github.com/google/fscrypt/issues/77
Priority: medium
Discovered-by:
Assigned-to: tyhicks
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N [6.5 MEDIUM]

Patches_fscrypt:
upstream_fscrypt: needed
precise/esm_fscrypt: DNE
trusty_fscrypt: DNE
trusty/esm_fscrypt: DNE
xenial_fscrypt: DNE
bionic_fscrypt: released (0.2.2-0ubuntu2.1)
cosmic_fscrypt: ignored (reached end-of-life)
disco_fscrypt: not-affected (0.2.4-2)
devel_fscrypt: not-affected (0.2.4-2)