| ▲ | MarleTangible 2 hours ago | |||||||
Seems like distros consider it a medium risk because it doesn't involve remote code execution and requires local access. Though it allows local root privilege escalation which is considered high priority. https://ubuntu.com/security/cves/about#priority > Medium: A significant problem, typically exploitable for many users. Includes network daemon denial of service, cross-site scripting, and gaining user privileges. | ||||||||
| ▲ | oskarkk 2 hours ago | parent | next [-] | |||||||
Strange that it's not classified as "high", which specifically includes "local root privilege escalations". > High: A significant problem, typically exploitable for nearly all users in a default installation of Ubuntu. Includes serious remote denial of service, local root privilege escalations, local data theft, and data loss. | ||||||||
| ||||||||
| ▲ | daveoc64 10 minutes ago | parent | prev | next [-] | |||||||
Ubuntu seems to have updated the page to say that it's a high priority now. | ||||||||
| ▲ | mghackerlady 23 minutes ago | parent | prev | next [-] | |||||||
it's not like this couldn't be chained with some other exploit to get remote access to get remote root access which seems like a bit of an issue | ||||||||
| ▲ | 2 hours ago | parent | prev | next [-] | |||||||
| [deleted] | ||||||||
| ▲ | 39 minutes ago | parent | prev [-] | |||||||
| [deleted] | ||||||||