CVE-2022-31250
Linux openSUSE vulnerability analysis and mitigation

Overview

A UNIX Symbolic Link (Symlink) Following vulnerability (CVE-2022-31250) was discovered in keylime of openSUSE Tumbleweed. The vulnerability was disclosed on July 20, 2022, and affects the keylime package, specifically the post-installation script functionality (NVD).

Technical details

The vulnerability exists in the post-installation script of the keylime-tpmcertstore package, where unsafe chown operations are performed on files and directories that could be influenced by unprivileged users. The issue is classified as CWE-59 (Symlink Following) and received a CVSS score of 7.8 (SUSE Bugzilla).

Impact

This vulnerability allows local attackers with keylime user privileges to escalate their permissions to root through symbolic link manipulation. The attacker could exploit this to take ownership of arbitrary files in the system, including critical system files like /etc/passwd (SUSE Bugzilla).

Mitigation and workarounds

The issue was addressed by removing the unsafe chown calls from the post-installation script. Where ownership changes were still necessary, chown -h was used instead, so that the change applies to a symbolic link itself rather than to the file it points to. The fix was released as part of the SUSE-SU-2022:2658-1 update (SUSE Bugzilla).
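The following is an added example, not code from the keylime package or the SUSE fix: a shell sketch of how a packaging script can audit a directory writable by an unprivileged account for symlinks that resolve outside it, and change ownership only with chown -h. The function names and the directory layout are hypothetical, and readlink -f is assumed to be available (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added illustration: function names and paths are hypothetical, not keylime's.

# Print "link -> target" for each symlink under directory $1 whose resolved
# target lies outside that directory.
find_escaping_symlinks() {
    root=$(cd "$1" && pwd -P) || return 2
    find "$root" -type l | while IFS= read -r link; do
        target=$(readlink -f "$link" 2>/dev/null) || target="(unresolvable)"
        case "$target" in
            "$root"|"$root"/*) ;;
            *) printf '%s -> %s\n' "$link" "$target" ;;
        esac
    done
}

# Change ownership of each path without dereferencing symlinks.
# The pre-check is an audit aid and is racy on its own (the tree can change
# between check and chown); chown -h is what keeps the call from following
# a link to its target.
safe_chown() {
    owner=$1; shift
    for path in "$@"; do
        if [ -d "$path" ] && [ ! -L "$path" ]; then
            bad=$(find_escaping_symlinks "$path")
            if [ -n "$bad" ]; then
                printf 'refusing %s, symlink leaves the tree:\n%s\n' "$path" "$bad" >&2
                return 1
            fi
        fi
        chown -h -- "$owner" "$path" || return 1
    done
}
```

Run find_escaping_symlinks against the service account's state directory before any privileged ownership change; a non-empty result is worth investigating even when the chown itself uses -h.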

This report was generated using AI.

Related Linux openSUSE vulnerabilities:

| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
| --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2025-13470 | HIGH | 7.7 | Linux Debian | rnp-debugsource | No | Yes | Nov 21, 2025 |
| CVE-2025-61915 | MEDIUM | 6.7 | OpenPrinting CUPS | libcupsmime1 | No | Yes | Nov 29, 2025 |
| CVE-2025-58436 | MEDIUM | 5.5 | OpenPrinting CUPS | cups-client | No | Yes | Nov 29, 2025 |
| CVE-2025-9820 | N/A | N/A | GnuTLS | gnutls-fips | No | Yes | Nov 21, 2025 |
| CVE-2025-13402 | N/A | N/A | Linux Fedora | rnp-devel | No | Yes | Nov 21, 2025 |
