Vulnerability Details CVE-2022-37706
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.478
EPSS Ranking 97.5%
CVSS Severity
CVSS v3 Score 7.8
References
- https://git.enlightenment.org/enlightenment/enlightenment/commit/cae78cbb169f237862faef123e4abaf63a1f5064
- https://git.enlightenment.org/enlightenment/enlightenment/commit/cc7faeccf77fef8b0ae70e312a21e4cde087e141
- https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit
- https://git.enlightenment.org/enlightenment/enlightenment/commit/cae78cbb169f237862faef123e4abaf63a1f5064
- https://git.enlightenment.org/enlightenment/enlightenment/commit/cc7faeccf77fef8b0ae70e312a21e4cde087e141
- https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit
Products affected by CVE-2022-37706
-
cpe:2.3:a:enlightenment:enlightenment:0.17.0
-
cpe:2.3:a:enlightenment:enlightenment:0.17.1
-
cpe:2.3:a:enlightenment:enlightenment:0.17.2
-
cpe:2.3:a:enlightenment:enlightenment:0.17.2.1
-
cpe:2.3:a:enlightenment:enlightenment:0.17.3
-
cpe:2.3:a:enlightenment:enlightenment:0.17.4
-
cpe:2.3:a:enlightenment:enlightenment:0.17.5
-
cpe:2.3:a:enlightenment:enlightenment:0.18.0
-
cpe:2.3:a:enlightenment:enlightenment:0.18.1
-
cpe:2.3:a:enlightenment:enlightenment:0.18.2
-
cpe:2.3:a:enlightenment:enlightenment:0.18.3
-
cpe:2.3:a:enlightenment:enlightenment:0.18.4
-
cpe:2.3:a:enlightenment:enlightenment:0.18.5
-
cpe:2.3:a:enlightenment:enlightenment:0.18.6
-
cpe:2.3:a:enlightenment:enlightenment:0.18.7
-
cpe:2.3:a:enlightenment:enlightenment:0.18.8
-
cpe:2.3:a:enlightenment:enlightenment:0.19.0
-
cpe:2.3:a:enlightenment:enlightenment:0.19.1
-
cpe:2.3:a:enlightenment:enlightenment:0.19.10
-
cpe:2.3:a:enlightenment:enlightenment:0.19.11
-
cpe:2.3:a:enlightenment:enlightenment:0.19.12
-
cpe:2.3:a:enlightenment:enlightenment:0.19.14
-
cpe:2.3:a:enlightenment:enlightenment:0.19.2
-
cpe:2.3:a:enlightenment:enlightenment:0.19.3
-
cpe:2.3:a:enlightenment:enlightenment:0.19.4
-
cpe:2.3:a:enlightenment:enlightenment:0.19.5
-
cpe:2.3:a:enlightenment:enlightenment:0.19.6
-
cpe:2.3:a:enlightenment:enlightenment:0.19.7
-
cpe:2.3:a:enlightenment:enlightenment:0.19.8
-
cpe:2.3:a:enlightenment:enlightenment:0.19.9
-
cpe:2.3:a:enlightenment:enlightenment:0.20.0
-
cpe:2.3:a:enlightenment:enlightenment:0.20.1
-
cpe:2.3:a:enlightenment:enlightenment:0.20.2
-
cpe:2.3:a:enlightenment:enlightenment:0.20.3
-
cpe:2.3:a:enlightenment:enlightenment:0.20.4
-
cpe:2.3:a:enlightenment:enlightenment:0.20.5
-
cpe:2.3:a:enlightenment:enlightenment:0.20.6
-
cpe:2.3:a:enlightenment:enlightenment:0.20.7
-
cpe:2.3:a:enlightenment:enlightenment:0.20.8
-
cpe:2.3:a:enlightenment:enlightenment:0.20.9
-
cpe:2.3:a:enlightenment:enlightenment:0.21.0
-
cpe:2.3:a:enlightenment:enlightenment:0.21.1
-
cpe:2.3:a:enlightenment:enlightenment:0.21.10
-
cpe:2.3:a:enlightenment:enlightenment:0.21.11
-
cpe:2.3:a:enlightenment:enlightenment:0.21.2
-
cpe:2.3:a:enlightenment:enlightenment:0.21.3
-
cpe:2.3:a:enlightenment:enlightenment:0.21.4
-
cpe:2.3:a:enlightenment:enlightenment:0.21.5
-
cpe:2.3:a:enlightenment:enlightenment:0.21.6
-
cpe:2.3:a:enlightenment:enlightenment:0.21.7
-
cpe:2.3:a:enlightenment:enlightenment:0.21.8
-
cpe:2.3:a:enlightenment:enlightenment:0.21.9
-
cpe:2.3:a:enlightenment:enlightenment:0.22.0
-
cpe:2.3:a:enlightenment:enlightenment:0.22.1
-
cpe:2.3:a:enlightenment:enlightenment:0.22.2
-
cpe:2.3:a:enlightenment:enlightenment:0.22.3
-
cpe:2.3:a:enlightenment:enlightenment:0.22.4
-
cpe:2.3:a:enlightenment:enlightenment:0.23.0