AZL-10863

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-10863.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-10863

Upstream

CVE-2022-1117

Published

2022-08-29T15:15:10Z

Modified

2026-04-21T04:21:36.653637Z

Severity

8.4 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2022-1117 affecting package fapolicyd for versions less than 1.3.2-1

Details

A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker, a build time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by the run time linker may fail to detect the pattern and allow execution.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-1117

Affected packages

Azure Linux:2 / fapolicyd

Package

Name: fapolicyd
Purl: pkg:rpm/azure-linux/fapolicyd

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.2-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-10863.json"