CVE-2022-23220
Summary
| CVE | CVE-2022-23220 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-01-21 16:15:00 UTC |
|---|
| Updated | 2023-11-09 20:56:00 UTC |
|---|
| Description | USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu, Debian, and Gentoo. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| oss-security - Re: usbview polkit policy local root exploit
(CVE-2022-23220) |
MLIST |
www.openwall.com |
|
| Debian -- Security Information -- DSA-5052-1 usbview |
DEBIAN |
www.debian.org |
|
| org.freedesktop.pkexec.usbview.policy: fix a local root privilege esc… · gregkh/usbview@bf374fa · GitHub |
MISC |
github.com |
|
| oss-security - usbview polkit policy local root exploit (CVE-2022-23220) |
MISC |
www.openwall.com |
|
| USBView: root privilege escalation via insecure polkit settings (GLSA 202310-15) — Gentoo security |
GENTOO |
security.gentoo.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 179016 Debian Security Update for usbview (DSA 5052-1)
- 183504 Debian Security Update for usbview (CVE-2022-23220)
- 198642 Ubuntu Security Notification for USBView Vulnerability (USN-5249-1)
- 282310 Fedora Security Update for usbview (FEDORA-2022-256142639c)
- 282311 Fedora Security Update for usbview (FEDORA-2022-421e65c5d4)
- 710774 Gentoo Linux USBView root privilege escalation via insecure polkit settings Vulnerability (GLSA 202310-15)
