GMS-2022-178: Possible filesystem space exhaustion by local users

March 1, 2022 (updated January 11, 2023)

fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt v0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable.

For more details, see CVE-2022-25326 and https://github.com/google/fscrypt#setting-up-fscrypt-on-a-filesystem.

References

github.com/advisories/GHSA-chxf-fjcf-7fwp
github.com/google/fscrypt/security/advisories/GHSA-chxf-fjcf-7fwp

Code Behaviors & Features

Detect and mitigate GMS-2022-178 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →