{"id":"UBUNTU-CVE-2018-6558","details":"The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam).","modified":"2025-07-16T07:38:57.759635Z","published":"2018-08-23T17:00:00Z","upstream":["CVE-2018-6558"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-6558"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2018-6558"}],"affected":[{"package":{"name":"fscrypt","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/fscrypt@0.2.2-0ubuntu2.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.2.2-0ubuntu2.1"}]}],"versions":["0.2.2-0ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_version":"0.2.2-0ubuntu2.1","binary_name":"fscrypt"},{"binary_version":"0.2.2-0ubuntu2.1","binary_name":"golang-github-google-fscrypt-dev"},{"binary_version":"0.2.2-0ubuntu2.1","binary_name":"libpam-fscrypt"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-6558.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]}