Vulnerability Details CVE-2022-25327
The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the system. We recommend upgrading to version 0.3.3 or above
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.3%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 2.1
Products affected by CVE-2022-25327
-
cpe:2.3:a:google:fscrypt:0.1.0
-
cpe:2.3:a:google:fscrypt:0.2.0
-
cpe:2.3:a:google:fscrypt:0.2.1
-
cpe:2.3:a:google:fscrypt:0.2.2
-
cpe:2.3:a:google:fscrypt:0.2.3
-
cpe:2.3:a:google:fscrypt:0.2.4