seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname. https://security-tracker.debian.org/tracker/CVE-2022-25643 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25643 https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CETEO7R.QG8B1KGD531R1%40kl.wtf%3E
Created seatd tracking bugs for this issue: Affects: fedora-34 [bug 2057701] Affects: fedora-35 [bug 2057702]
Not affected: 1. seatd-launch is disabled in our build of seatd. We never shipped the vulnerable component to Fedora users. 2. Even if the user rebuilds the package with `--with server`, SUID bit required for exploiting the vulnerability is not set by default 3. 0.6.4 update is already published for all supported branches
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.