Vulnerabilities

CVE-2022-23220

by Fred · 21/01/2022

USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the –gtk-module option. This affects Ubuntu, Debian, and Gentoo.

Date published : 2022-01-21

https://www.debian.org/security/2022/dsa-5052

https://github.com/gregkh/usbview/commit/bf374fa4e5b9a756789dfd88efa93806a395463b

Similar

Tags: Cybersecurity Alert