Description
fedora-arm-installer up to and including 1.99.16 is vulnerable to local privilege escalation due to lack of checking the error condition of mount operation failure on unsafely created temporary directories.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://pagure.io/arm-image-installer/pull-request/10
Scores
CVSS v3
7.0
EPSS
0.0026
EPSS Percentile
17.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-391
CWE-755
Status
published
Products (2)
fedoraproject/arm_installer
< 1.99.16
Red Hat, Inc./fedora-arm-installer
up to and including 1.99.16
Published
Jun 26, 2017
Tracked Since
Feb 18, 2026