fedora-arm-installer up to and including 1.99.16 is vulnerable to local privilege escalation due to lack of checking the error condition of mount operation failure on unsafely created temporary directories.
CVSS Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HFedora Project Arm Installer
APPFedoraproject≤ 1.99.16
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
Related vulnerabilities
CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam vendor
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit
CVE-2024-5274CRITICAL9.6⚠ KEVPL ✓ten sam vendor
Type Confusion w V8 (Google Chrome) — RCE przez spreparowaną stronę HTML
CVE-2024-4947CRITICAL9.6⚠ KEVPL ✓ten sam vendor
Type Confusion w silniku V8 Chrome — zdalne wykonanie kodu (RCE)
CVE-2024-4671CRITICAL9.6⚠ KEVPL ✓ten sam vendor
Use-after-free w Google Chrome Visuals umożliwiający ucieczkę z sandbox
CVE-2023-6345CRITICAL9.6⚠ KEVPL ✓ten sam vendor
Integer overflow w Skia w Google Chrome — sandbox escape