2170784 – (CVE-2022-36369) CVE-2022-36369 qatzip: local privilege escalation

Bug 2170784 (CVE-2022-36369) - CVE-2022-36369 qatzip: local privilege escalation

Summary: CVE-2022-36369 qatzip: local privilege escalation

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2022-36369
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2171981 2171982 2178769
Blocks:	2170785
TreeView+	depends on / blocked

Reported:	2023-02-17 08:51 UTC by TEJ RATHI
Modified:	2023-05-31 21:14 UTC (History)
CC List:	1 user (show)
Fixed In Version:	qatzip 1.0.9
Doc Type:	If docs needed, set a value
Doc Text:	A potential flaw was found in QATzip. This vulnerability may allow escalation of privileges.
Clone Of:
Environment:
Last Closed:	2023-05-31 21:14:46 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2023:1976	0	None	None	None	2023-04-25 10:23:57 UTC
Red Hat Product Errata	RHSA-2023:3397	0	None	None	None	2023-05-31 15:53:46 UTC

Description TEJ RATHI 2023-02-17 08:51:53 UTC

Improper access control in some QATzip software maintained by Intel(R) before version 1.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.

Affects QATzip before version 1.0.9.

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00765.html

Comment 2 Mauro Matteo Cascella 2023-04-14 17:02:32 UTC

This issue was fixed upstream in version 1.0.9. The qatzip packages as shipped in following Red Hat products were previously updated to a version that contains the fix via the following errata:

qatzip in Red Hat Enterprise Linux 8
https://access.redhat.com/errata/RHBA-2022:7667

qatzip in Red Hat Enterprise Linux 9
https://access.redhat.com/errata/RHBA-2022:8256

Comment 3 errata-xmlrpc 2023-04-25 10:23:56 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:1976 https://access.redhat.com/errata/RHSA-2023:1976

Comment 6 errata-xmlrpc 2023-05-31 15:53:45 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:3397 https://access.redhat.com/errata/RHSA-2023:3397

Comment 7 Product Security DevOps Team 2023-05-31 21:14:45 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-36369

Note You need to log in before you can comment on or make changes to this bug.