Tavis Ormandy discovered that NetworkManager incorrectly filtered paths when requested to read modem device contexts. A local attacker could possibly use this issue to bypass privileges and manipulate modem device configuration or read arbitrary files.
{
"binaries": [
{
"binary_name": "gir1.2-networkmanager-1.0",
"binary_version": "0.9.8.8-0ubuntu7.1"
},
{
"binary_name": "libnm-glib-vpn1",
"binary_version": "0.9.8.8-0ubuntu7.1"
},
{
"binary_name": "libnm-glib4",
"binary_version": "0.9.8.8-0ubuntu7.1"
},
{
"binary_name": "libnm-util2",
"binary_version": "0.9.8.8-0ubuntu7.1"
},
{
"binary_name": "network-manager",
"binary_version": "0.9.8.8-0ubuntu7.1"
}
],
"availability": "No subscription required"
}