Hacker News

MarleTangible yesterday at 7:50 PM

Seems like distros consider it a medium risk because it doesn't involve remote code execution and requires local access. Though it allows local root privilege escalation, which is considered high priority.

https://ubuntu.com/security/cves/about#priority

> Medium: A significant problem, typically exploitable for many users. Includes network daemon denial of service, cross-site scripting, and gaining user privileges.


Replies

oskarkk yesterday at 7:55 PM

Strange that it's not classified as "high", which specifically includes "local root privilege escalations".

> High: A significant problem, typically exploitable for nearly all users in a default installation of Ubuntu. Includes serious remote denial of service, local root privilege escalations, local data theft, and data loss.

mghackerlady yesterday at 9:37 PM

It's not like this couldn't be chained with some other exploit to get remote access to get remote root access, which seems like a bit of an issue.

daveoc64 yesterday at 9:50 PM

Ubuntu seems to have updated the page to say that it's a high priority now.