Users: `root` appended to group listings

June 6, 2025 invoker category_cve

CVE Details

Basic Information

Title Users: `root` appended to group listings
Type cve
Published 2025-06-06T13:10:07.157Z
Last Seen

Product Information

Vendor Red Hat
Product Red Hat Enterprise Linux 10
Version

CVSS Information

Base Score 7.1 (HIGH)
Attack Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Confidentiality Impact
Integrity Impact
Availability Impact

AI Analysis

AI Description A vulnerability in the Rust ‘users’ crate allows privilege escalation by incorrectly adding the root group to access lists when a user has fewer than 1024 groups.
AI Severity High
Vendor Red Hat
Product Rust ‘users’ crate
Affected Version

Additional Information

CVE List
CWE List CWE-266
Bulletin Family

Description

A flaw was found in the user’s crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.