The PAM module for fscrypt through v0.3.2 doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the system. We recommend upgrading to v0.3.3 or above.
For more details, see CVE-2022-25327.
The PAM module for
fscryptthrough v0.3.2 doesn't adequately validatefscryptmetadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating afscryptmetadata file that prevents other users from logging into the system. We recommend upgrading to v0.3.3 or above.For more details, see CVE-2022-25327.