← Back to CVEs
CVE-2022-0563
MEDIUM5.5
Description
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.
CVE Details
CVSS v3.1 Score5.5
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published2/21/2022
Last Modified6/9/2025
Sourcenvd
Honeypot Sightings0
Affected Products
kernel:util-linuxnetapp:ontap_select_deploy_administration_utility
Weaknesses (CWE)
CWE-209CWE-209
References
https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u(secalert@redhat.com)
https://security.gentoo.org/glsa/202401-08(secalert@redhat.com)
https://security.netapp.com/advisory/ntap-20220331-0002/(secalert@redhat.com)
https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202401-08(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20220331-0002/(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.