Description
A flaw was found in the users crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.
Report
This vulnerability is rated Important severity because a flaw in the users crate for Rust allows local privilege escalation. Specifically, when a user or process belongs to fewer than exactly 1024 groups, the crate's group listing logic incorrectly includes the root group in the access list. This erroneous behavior enables unauthorized processes or users to gain elevated privileges, compromising system confidentiality and integrity.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 10 | rust-ssh-key-dir | Will not fix | | |
Red Hat Enterprise Linux 9 | rust-afterburn | Will not fix | | |
Red Hat OpenShift Container Platform 4 | kata-containers | Not affected | | |
Red Hat OpenShift Container Platform 4 | rust-afterburn | Will not fix | | |
Red Hat Trusted Profile Analyzer | rhtpa/rhtpa-trustification-service-rhel9 | Affected | | |
Red Hat OpenShift sandboxed containers 1.1 | registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator | Fixed | RHSA-2025:12359 | 31.07.2025 |
Additional information
Status:
EPSS
CVSS3: 7.1 High