oss-sec mailing list archives
Re: usbview polkit policy local root exploit (CVE-2022-23220)
From: Greg KH <greg () kroah com>
Date: Sat, 22 Jan 2022 13:12:12 +0100
On Fri, Jan 21, 2022 at 03:33:50PM +0100, Matthias Gerstner wrote:
Hello list, this is to inform you about a local root exploit I found in usbview [1] release 2.1. This finding was embargoed for 7 days on the linux-distros mailing list and the fix has been published today. The upstream author Greg KH is currently working on an improved version of usbview that will no longer require root privileges to run.
That new version is now released as 3.0, which should prevent the need for any of this mess in the future as no root permissions are needed at all. thanks, gre gk-h
Current thread:
- usbview polkit policy local root exploit (CVE-2022-23220) Matthias Gerstner (Jan 21)
- Re: usbview polkit policy local root exploit (CVE-2022-23220) Greg KH (Jan 22)