github.com/google/fscrypt vulnerabilities
4 known vulnerabilities affecting github.com/google/fscrypt.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 4
Vulnerabilities
CVE-2022-25326 | MEDIUM | CVSS 5.5 | ≥ 0, < 0.3.3 | 2022-03-01
CVE-2022-25326 [MEDIUM] Possible filesystem space exhaustion by local users
`fscrypt` through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to `fscrypt` v0.3.3 or above and adjusting the permissions on existing `fscrypt` metadata directories where applicable.
For more details, see [CVE-2022-25326](https://www.cve.org/CVERecord?
Sources: ghsa, osv
CVE-2022-25328 | MEDIUM | ≥ 0, < 0.3.3 | 2022-02-26
CVE-2022-25328 [MEDIUM] CWE-78 Command injection in github.com/google/fscrypt
The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoint path and if the system administrator happens to be using the fscrypt bash
Sources: ghsa, osv
CVE-2022-25327 | MEDIUM | CVSS 5.5 | ≥ 0, < 0.3.3 | 2022-02-26
CVE-2022-25327 [MEDIUM] CWE-276 User login denial of service in github.com/google/fscrypt
The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the system. We recommend upgrading to version 0.3.3 or ab
Sources: ghsa, osv
CVE-2018-6558 | MEDIUM | ≥ 0, < 0.2.4 | 2021-06-23
CVE-2018-6558 [MEDIUM] Privilege Escalation in fscrypt
The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam).
Sources: ghsa, osv