CVE-2022-24612: 
EyesOfNetwork vulnerability analysis and mitigation

An issue was discovered in the selinux-policy (aka Reference Policy) package 3.14 through 2020-08-24 affecting the handling of the .config/Yubico directory. The vulnerability was identified with CVE-2022-24612 and impacts systems using SELinux in enforced mode with pam-u2f authentication (Rapid7).

When SELinux is in enforced mode, the vulnerability prevents pam-u2f from reading the user's U2F configuration file due to improper directory handling. This becomes particularly problematic when the system is configured with the nouserok option, which is the default setting when configured by the authselect tool (Rapid7).

The primary impact is the potential bypass of two-factor authentication (2FA). If the configuration file cannot be read due to this vulnerability, and the system is using the default nouserok option, the second authentication factor becomes disabled. This allows an attacker with knowledge of only the password to successfully log in, effectively bypassing the 2FA security measure (Rapid7).

Several solution packages have been released to address this vulnerability, including selinux-policy upgrades for various configurations: selinux-policy, selinux-policy-minimum, selinux-policy-mls, selinux-policy-sandbox, and selinux-policy-targeted (Rapid7).