| author | Linus Färnstrand <faern@faern.net> | 2022-10-21 10:02:26 +0200 |
|---|---|---|
| committer | Linus Färnstrand <linus@mullvad.net> | 2022-10-21 13:04:19 +0200 |
| commit | d184b215f680d9f4e11d87ba4fd5ba4d9b2dd07e (patch) | |
| tree | 01a2d3c7adc06c7f167ca67755fd5cfae8af2e6b | |
| parent | 28fb2fe839d68b54c28448eba6803e9decc7b84c (diff) | |
| download | mullvadvpn-d184b215f680d9f4e11d87ba4fd5ba4d9b2dd07e.tar.xz mullvadvpn-d184b215f680d9f4e11d87ba4fd5ba4d9b2dd07e.zip | |
Fix text around privesc in MUL22-01
| -rw-r--r-- | audits/2022-10-14-atredis.md | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/audits/2022-10-14-atredis.md b/audits/2022-10-14-atredis.md index 7355f5f18a..39a466142b 100644 --- a/audits/2022-10-14-atredis.md +++ b/audits/2022-10-14-atredis.md @@ -67,8 +67,11 @@ to both have administrator privileges and stop the `mullvad-daemon` service befo could connect to the driver and trigger the bug. Mullvad deems this both unlikely to happen and not in scope of what the app should try to protect against. If an attacker has administrator privileges already, they can do worse stuff than -exploiting this bug. This bug does not lead to privilege escalation, since administrator -level is required to use it. +exploiting this bug. + +This bug will likely not enable privilege escalation. The attacker already needs to +be administrator, and we have no indication that an administrator could use this to gain +further privileges. Regardless of the low severity, the bug has been fixed in the kernel driver. [This PR](https://github.com/mullvad/win-split-tunnel/pull/34), |
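Review bot: The added sentence "we have no indication that an administrator could use this to gain further privileges" does not say what "further privileges" would be. The trailing context states that the bug was fixed in the kernel driver, so readers will presumably be asking whether an administrator can reach kernel-level execution through it. Naming that boundary, or stating what the "no indication" assessment is based on, would make the hedged "will likely not enable privilege escalation" easier to evaluate. Minor wording point in the same paragraph: "needs to be administrator" would read better as "needs to have administrator privileges", matching the phrasing used at the top of the hunk.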
