CVE-2022-37706
Summary
| CVE | CVE-2022-37706 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-12-25 19:15:00 UTC |
|---|
| Updated | 2023-01-04 20:30:00 UTC |
|---|
| Description | enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| move to 0.25.4 for micro release · cae78cbb16 - enlightenment - Enlightenment GIT |
MISC |
git.enlightenment.org |
|
| GitHub - MaherAzzouzi/CVE-2022-37706-LPE-exploit: A reliable exploit + write-up to elevate privileges to root. (Tested on Ubuntu 22.04) |
MISC |
github.com |
|
| enlightenment_sys - fix security hole CVE-2022-37706 · cc7faeccf7 - enlightenment - Enlightenment GIT |
MISC |
git.enlightenment.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 181063 Debian Security Update for e17 (DLA 3115-1)
- 181069 Debian Security Update for e17 (DSA 5233-1)
- 182634 Debian Security Update for e17 (CVE-2022-37706)
- 283164 Fedora Security Update for efl (FEDORA-2022-bafb72fdc0)
- 283165 Fedora Security Update for efl (FEDORA-2022-0cc77b384a)
