CVE-2018-6558

Summary

The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam).

Affected Software

VendorProductVersion RangeStatus
The fscrypt Projectfscryptbefore 0.2.4affected

Weaknesses

  • n/a

ADP Enrichment

CVE Program Container

Additional References

References