Home > Vulnerability Database > CVE-2022-1117

Mend.io Vulnerability Database

CVE-2022-1117

Date: August 29, 2022

A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker, a build time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by the run time linker may fail to detect the pattern and allow execution.

Severity Score

8.4

Related Resources (8)

Url: https://github.com/linux-application-whitelisting/fapolicyd/commit/38a942613f93824c53164730b2b7a2f75b8cd263

Url: https://access.redhat.com/security/cve/CVE-2022-1117

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-1117

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2068171

Url: https://access.redhat.com/errata/RHSA-2022:1898

Url: https://access.redhat.com/errata/RHSA-2022:4824

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2066904

Url: https://www.mend.io/vulnerability-database/CVE-2022-1117

Severity Score

8.4

Weakness Type (CWE)

Files or Directories Accessible to External Parties

CWE-552

CVSS v3.1

Base Score:	8.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-1117

Date: August 29, 2022

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?