CVE-2022-0563

CVE	CVE-2022-0563
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-02-21 19:15:00 UTC
Updated	2024-01-07 09:15:00 UTC
Description	A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.

Problem Types: CWE-209

Type	Vendor	Product	Version	Update	Edition	Language
Application	Kernel	Util-linux	All	All	All	All
Application	Netapp	Ontap Select Deploy Administration Utility	-	All	All	All

Reference	Source	Link	Tags
[ANNOUNCE] util-linux v2.37.4		lore.kernel.org
CVE-2022-0563 Util-linux Vulnerability in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
GLSA-202401-08		security.gentoo.org
[ANNOUNCE] util-linux v2.37.4	MISC	lore.kernel.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

282389 Fedora Security Update for util (FEDORA-2022-b7de97d0a9)
354120 Amazon Linux Security Advisory for util-linux : ALAS2-2022-1901
354387 Amazon Linux Security Advisory for util-linux : ALAS2022-2022-099
354474 Amazon Linux Security Advisory for util-linux : ALAS2022-2022-218
354581 Amazon Linux Security Advisory for util-linux : ALAS-2022-218
355340 Amazon Linux Security Advisory for util-linux : ALAS2023-2023-024
500714 Alpine Linux Security Update for util-linux
504488 Alpine Linux Security Update for util-linux
591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
6140396 AWS Bottlerocket Security Update for util-linux (GHSA-mv4q-wq4c-5xmg)
671582 EulerOS Security Update for util-linux (EulerOS-SA-2022-1590)
671740 EulerOS Security Update for util-linux (EulerOS-SA-2022-1815)
671742 EulerOS Security Update for util-linux (EulerOS-SA-2022-1798)
671809 EulerOS Security Update for util-linux (EulerOS-SA-2022-1855)
671823 EulerOS Security Update for util-linux (EulerOS-SA-2022-1879)
710828 Gentoo Linux util-linux Multiple Vulnerabilities (GLSA 202401-08)
900727 Common Base Linux Mariner (CBL-Mariner) Security Update for util-linux (8838)
901326 Common Base Linux Mariner (CBL-Mariner) Security Update for util-linux (8838-1)
901867 Common Base Linux Mariner (CBL-Mariner) Security Update for util-linux (8841)
902247 Common Base Linux Mariner (CBL-Mariner) Security Update for util-linux (8841-1)