CVE-2026-6970
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary group ID (GID) differs from their UID, either because the account was created with authd prior to version 0.5.4 or because the primary group was manually changed via the authctl group set-gid command, and the user's identity provider record is updated, authd incorrectly resets the user's primary group ID to their UID upon next login. This causes newly created files and directories to be owned by the wrong group, causing denial of service issues, and potentially granting unintended access to other local users and allowing local privilege escalation.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Canonical | authd | 0.6.0 < 0.6.4 | affected |
| Canonical | authd | 0.6.1 < 0.6.1ubuntu0.1 | affected |
Weaknesses
- CWE-842: CWE-842 Placement of user into incorrect group
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://github.com/canonical/authd/security/advisories/GHSA-fg3j-5w9g-hmg7
- https://github.com/canonical/authd/commit/154b428305cb1a7a19c897626fefd09d6dde8b9f
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.