Unrated severityNVD Advisory· Published Oct 26, 2022· Updated May 9, 2025

sendmail: mail to root privilege escalation via sm-client.pre script

CVE-2022-31256

Description

A symlink following flaw in the sendmail systemd service script on openSUSE Factory lets local attackers escalate from mail user to root.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A symlink following flaw in the sendmail systemd service script on openSUSE Factory lets local attackers escalate from mail user to root.

Vulnerability

A symlink following vulnerability exists in the sm-client.pre script invoked by the sendmail systemd service on openSUSE Factory. The script improperly resolves symbolic links before accessing files, allowing a local attacker to trick it into operating on an arbitrary file. This affects sendmail versions prior to 8.17.1-1.1 on openSUSE Factory [1].

Exploitation

An attacker with local access as the mail user can create a symbolic link in a location that the sm-client.pre script writes to or reads from. When the script runs (triggered by systemd), it follows the attacker-controlled symlink and performs file operations on a target file owned by root, such as overwriting a system configuration file or a privileged binary.

Impact

Successful exploitation allows the attacker to escalate privileges from the mail user to root, gaining full control over the system.

Mitigation

The vulnerability is fixed in sendmail version 8.17.1-1.1 for openSUSE Factory. Users should update to this version or later. No workaround is documented; the fix is available via the package manager [1].

References

mail to root privilege escalation via sm-client.pre script

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

SUSE S.A./openSUSE Factory sendmailllm-create2 versions
<8.17.1-1.1+ 1 more
- (no CPE)range: <8.17.1-1.1
- (no CPE)range: sendmail
osv-coords26 versions
pkg:rpm/opensuse/sendmail&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/sendmail&distro=openSUSE%20Leap%2015.4 pkg:rpm/suse/sendmail&distro=SUSE%20Enterprise%20Storage%206 pkg:rpm/suse/sendmail&distro=SUSE%20Enterprise%20Storage%207 pkg:rpm/suse/sendmail&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/sendmail&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/sendmail&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS pkg:rpm/suse/sendmail&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/sendmail&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/sendmail&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/sendmail&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 pkg:rpm/suse/sendmail&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4 pkg:rpm/suse/sendmail&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2012 pkg:rpm/suse/sendmail&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3 pkg:rpm/suse/sendmail&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4 pkg:rpm/suse/sendmail&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL pkg:rpm/suse/sendmail&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/sendmail&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCL pkg:rpm/suse/sendmail&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/sendmail&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/sendmail&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/sendmail&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/sendmail&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/sendmail&distro=SUSE%20Manager%20Proxy%204.1 pkg:rpm/suse/sendmail&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1 pkg:rpm/suse/sendmail&distro=SUSE%20Manager%20Server%204.1
< 8.15.2-150000.8.9.1+ 25 more
- (no CPE)range: < 8.15.2-150000.8.9.1
- (no CPE)range: < 8.15.2-150000.8.9.1
- (no CPE)range: < 8.15.2-150000.8.9.1
- (no CPE)range: < 8.15.2-150000.8.9.1
- (no CPE)range: < 8.15.2-150000.8.9.1
- (no CPE)range: < 8.15.2-150000.8.9.1
- (no CPE)range: < 8.15.2-150000.8.9.1
- (no CPE)range: < 8.15.2-150000.8.9.1
- (no CPE)range: < 8.15.2-150000.8.9.1
- (no CPE)range: < 8.15.2-150000.8.9.1
- (no CPE)range: < 8.15.2-150000.8.9.1
- (no CPE)range: < 8.15.2-150000.8.9.1
- (no CPE)range: < 8.14.9-4.6.1
- (no CPE)range: < 8.15.2-150000.8.9.1
- (no CPE)range: < 8.15.2-150000.8.9.1
- (no CPE)range: < 8.15.2-150000.8.9.1
- (no CPE)range: < 8.15.2-150000.8.9.1
- (no CPE)range: < 8.15.2-150000.8.9.1
- (no CPE)range: < 8.15.2-150000.8.9.1
- (no CPE)range: < 8.15.2-150000.8.9.1
- (no CPE)range: < 8.15.2-150000.8.9.1
- (no CPE)range: < 8.15.2-150000.8.9.1
- (no CPE)range: < 8.15.2-150000.8.9.1
- (no CPE)range: < 8.15.2-150000.8.9.1
- (no CPE)range: < 8.15.2-150000.8.9.1
- (no CPE)range: < 8.15.2-150000.8.9.1

Patches

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

bugzilla.suse.com/show_bug.cgimitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000