Re: usbview polkit policy local root exploit (CVE-2022-23220)

[Greg KH <greg () kroah com>]

On Fri, Jan 21, 2022 at 03:33:50PM +0100, Matthias Gerstner wrote:
> Hello list,
>
> this is to inform you about a local root exploit I found in usbview [1]
> release 2.1. This finding was embargoed for 7 days on the linux-distros
> mailing list and the fix has been published today.
>
> The upstream author Greg KH is currently working on an improved version
> of usbview that will no longer require root privileges to run.

That new version is now released as 3.0, which should prevent the need
for any of this mess in the future as no root permissions are needed at
all.

thanks,

gre gk-h