
CVE-2025-5791

Published: 15 Jan 2025
Source: redhat
CVSS3: 7.1
EPSS: Low

Description

A flaw was found in the users crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.

Report

This vulnerability is rated Important because a flaw in the users crate for Rust allows local privilege escalation. Specifically, when a user or process belongs to fewer than exactly 1024 groups, the crate's group listing logic incorrectly includes the root group in the access list. This erroneous behavior enables unauthorized processes or users to gain elevated privileges, compromising system confidentiality and integrity.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 10 | rust-ssh-key-dir | Will not fix | | |
| Red Hat Enterprise Linux 9 | rust-afterburn | Will not fix | | |
| Red Hat OpenShift Container Platform 4 | kata-containers | Not affected | | |
| Red Hat OpenShift Container Platform 4 | rust-afterburn | Will not fix | | |
| Red Hat Trusted Profile Analyzer | rhtpa/rhtpa-trustification-service-rhel9 | Affected | | |
| Red Hat OpenShift sandboxed containers 1.1 | registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator | Fixed | RHSA-2025:12359 | 31.07.2025 |


Additional information

Status: Important
Defect: CWE-266
https://bugzilla.redhat.com/show_bug.cgi?id=2370001 users: `root` appended to group listings

EPSS: 0.00006 (percentile: 0%), Low

CVSS3: 7.1 High

Related vulnerabilities

CVSS3: 7.1
ubuntu
2 months ago

A flaw was found in the users crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.

CVSS3: 7.1
nvd
2 months ago

A flaw was found in the users crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.

CVSS3: 7.1
github
2 months ago

users may append `root` to group listings

suse-cvrf
about 1 month ago

Security update for himmelblau
