{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "state": "PUBLISHED",
        "cveId": "CVE-2022-42919",
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "dateUpdated": "2024-08-03T13:19:05.267Z",
        "dateReserved": "2022-10-14T00:00:00",
        "datePublished": "2022-11-06T00:00:00"
    },
    "containers": {
        "cna": {
            "providerMetadata": {
                "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
                "shortName": "mitre",
                "dateUpdated": "2023-05-03T00:00:00"
            },
            "descriptions": [
                {
                    "lang": "en",
                    "value": "Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9."
                }
            ],
            "affected": [
                {
                    "vendor": "n/a",
                    "product": "n/a",
                    "versions": [
                        {
                            "version": "n/a",
                            "status": "affected"
                        }
                    ]
                }
            ],
            "references": [
                {
                    "url": "https://github.com/python/cpython/issues/97514"
                },
                {
                    "name": "FEDORA-2022-1166a1df1e",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PI5DYIED6U26BGX5IRZWNCP6TY4M2ZGZ/"
                },
                {
                    "name": "FEDORA-2022-028c09eaa7",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCRKBB5Y5EWTJUNC7LK665WO64DDXSTN/"
                },
                {
                    "name": "FEDORA-2022-b17bf30e88",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKGCQPIVHEAIJ77R3RSNSQWYBUDVWDKU/"
                },
                {
                    "name": "FEDORA-2022-462f39dd2f",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2LHWWEI5OBQ6RELULMVU6KMDYG4WZXH/"
                },
                {
                    "name": "FEDORA-2022-a7cad6bd22",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XX6LLAXGZVZ327REY6MDZRMMP47LJ53P/"
                },
                {
                    "name": "FEDORA-2022-f44dd1bec2",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6KGIRHSENZ4QAB234Z36HVIDTRJ3MFI/"
                },
                {
                    "url": "https://security.netapp.com/advisory/ntap-20221209-0006/"
                },
                {
                    "url": "https://github.com/python/cpython/issues/97514#issuecomment-1310277840"
                },
                {
                    "name": "FEDORA-2023-af5206f71d",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/"
                },
                {
                    "name": "FEDORA-2023-097dd40685",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/"
                },
                {
                    "url": "https://github.com/python/cpython/compare/v3.10.8...v3.10.9"
                },
                {
                    "url": "https://github.com/python/cpython/compare/v3.9.15...v3.9.16"
                },
                {
                    "name": "GLSA-202305-02",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://security.gentoo.org/glsa/202305-02"
                }
            ],
            "problemTypes": [
                {
                    "descriptions": [
                        {
                            "type": "text",
                            "lang": "en",
                            "description": "n/a"
                        }
                    ]
                }
            ]
        },
        "adp": [
            {
                "providerMetadata": {
                    "orgId": "af854a3a-2127-422b-91ae-364da2661108",
                    "shortName": "CVE",
                    "dateUpdated": "2024-08-03T13:19:05.267Z"
                },
                "title": "CVE Program Container",
                "references": [
                    {
                        "url": "https://github.com/python/cpython/issues/97514",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "name": "FEDORA-2022-1166a1df1e",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PI5DYIED6U26BGX5IRZWNCP6TY4M2ZGZ/"
                    },
                    {
                        "name": "FEDORA-2022-028c09eaa7",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCRKBB5Y5EWTJUNC7LK665WO64DDXSTN/"
                    },
                    {
                        "name": "FEDORA-2022-b17bf30e88",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKGCQPIVHEAIJ77R3RSNSQWYBUDVWDKU/"
                    },
                    {
                        "name": "FEDORA-2022-462f39dd2f",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2LHWWEI5OBQ6RELULMVU6KMDYG4WZXH/"
                    },
                    {
                        "name": "FEDORA-2022-a7cad6bd22",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XX6LLAXGZVZ327REY6MDZRMMP47LJ53P/"
                    },
                    {
                        "name": "FEDORA-2022-f44dd1bec2",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6KGIRHSENZ4QAB234Z36HVIDTRJ3MFI/"
                    },
                    {
                        "url": "https://security.netapp.com/advisory/ntap-20221209-0006/",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/python/cpython/issues/97514#issuecomment-1310277840",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "name": "FEDORA-2023-af5206f71d",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/"
                    },
                    {
                        "name": "FEDORA-2023-097dd40685",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/"
                    },
                    {
                        "url": "https://github.com/python/cpython/compare/v3.10.8...v3.10.9",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://github.com/python/cpython/compare/v3.9.15...v3.9.16",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "name": "GLSA-202305-02",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://security.gentoo.org/glsa/202305-02"
                    }
                ]
            }
        ]
    }
}