CVE-2022-0987 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	No
Type	Information disclosure
Description	A vulnerability was found in PackageKit in the way some of the methods exposed by the Transaction interface examine files without dropping privileges. The InstallFiles method, for example, will fail silently with a non-existing file, however if the file exists it will read the contents of the file and take longer to return than a non-existing file will. This vulnerability allows a local user to know whether a file owned by root or other users exists.

References
https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/