Bug 2055505 (CVE-2022-25255)

Summary: CVE-2022-25255 qt: QProcess could execute a binary from the current working directory when not found in the PATH
Product: [Other] Security Response Reporter: Sandipan Roy <saroy>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: helio, jgrulich, jreznik, kasal, kde-sig, kevin, me, rdieter, smparrish, than
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: qt 5.15.9, qt 6.2.4 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in qt. The vulnerability occurs due to executing binaries from the current directory when the loading path failed, leading to an uncontrolled path element vulnerability. This flaw allows an attacker to execute malicious executables.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-12-06 14:16:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2059851, 2059852, 2059853, 2059854    
Bug Blocks: 2055506    

Description Sandipan Roy 2022-02-17 06:29:11 UTC 
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.

https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff
https://codereview.qt-project.org/c/qt/qtbase/+/393113
https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff
https://codereview.qt-project.org/c/qt/qtbase/+/396020
https://codereview.qt-project.org/c/qt/qtbase/+/394914
Comment 2 Sandipan Roy 2022-03-02 08:04:41 UTC 
Created qt5 tracking bugs for this issue:

Affects: fedora-all [bug 2059851]


Created qt6 tracking bugs for this issue:

Affects: fedora-all [bug 2059852]
Comment 5 errata-xmlrpc 2022-11-08 09:15:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7482 https://access.redhat.com/errata/RHSA-2022:7482
Comment 6 errata-xmlrpc 2022-11-15 09:58:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:8022 https://access.redhat.com/errata/RHSA-2022:8022
Comment 7 Product Security DevOps Team 2022-12-06 14:16:19 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-25255