CVE-2022-31250

Summary

A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root. This issue affects: openSUSE Tumbleweed keylime versions prior to 6.4.2-1.1.

Affected Software

VendorProductVersion RangeStatus
openSUSETumbleweedkeylime < 6.4.2-1.1affected

Weaknesses

  • CWE-59: CWE-59: Improper Link Resolution Before File Access ('Link Following')

ADP Enrichment

CVE Program Container

Additional References

References