SB2022112960 - Security restrictions bypass in USBGuard
Published: November 29, 2022
Security Bulletin ID
SB2022112960
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Incorrect authorization (CVE-ID: CVE-2019-25058)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to unspecified error within the usbguard-dbus daemon. A local user can allow all USB devices to be connected in the future.
Remediation
Install update from vendor's website.
References
- https://github.com/USBGuard/usbguard/pull/531
- https://github.com/USBGuard/usbguard/issues/273
- https://github.com/USBGuard/usbguard/issues/403
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B3HQVTHHJFQLSWSXA7W3ZHRF72YMPI46/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B2ET6DU4IA64M6TMQ4X3SG2L6TRPLDN6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D4QO5J5YEWVX27QXYOGL3BDRV3KXNRQI/
- https://lists.debian.org/debian-lts-announce/2022/04/msg00010.html