CVE-2020-15529 in GOG Galaxy
Summary
by MITRE
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user installs a game or performs a verify/repair operation. The issue exists because of weak file permissions and can be exploited by using opportunistic locks.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 07/06/2020
The vulnerability identified as CVE-2020-15529 represents a critical local privilege escalation flaw within the GOG Galaxy Client version 2.0.17. This security weakness enables attackers with local user access to elevate their privileges to system level, creating a significant risk for compromised systems. The vulnerability specifically manifests during routine gaming operations such as game installation, verification, or repair processes, which are common maintenance activities that users regularly perform within the client environment. The exploitability of this flaw makes it particularly dangerous as it leverages legitimate user activities to achieve unauthorized system access.
The technical root cause of this vulnerability stems from improper file permission handling and the exploitation of opportunistic locking mechanisms within the client application. When users initiate game installation or verification processes, the client creates temporary files or modifies existing system components without adequate permission controls. The opportunistic locking mechanism, which is designed to provide file access coordination, becomes a vector for privilege escalation due to insufficient validation of file access rights. This weakness allows an attacker to manipulate file operations during these processes, potentially executing malicious code with elevated privileges.
From an operational impact perspective, this vulnerability presents a substantial risk to users who maintain local accounts on their systems, particularly in environments where multiple users share the same machine or where the client runs with elevated privileges. The attack surface is broad since the privilege escalation can be triggered through normal user activities, making detection challenging and exploitation relatively straightforward. Security professionals must consider that this vulnerability could be exploited by malware that gains initial access through other means, then uses this privilege escalation to establish persistent system-level access. The impact extends beyond simple privilege elevation as it can lead to complete system compromise, data theft, or the installation of additional malicious software.
The vulnerability aligns with CWE-276, which addresses improper file permissions, and demonstrates characteristics consistent with privilege escalation techniques found in the MITRE ATT&CK framework under the privilege escalation tactic. Organizations should implement immediate mitigations including updating to the latest version of GOG Galaxy Client where the vulnerability has been patched, applying restrictive file permissions on client installation directories, and monitoring for suspicious file creation or modification during game installation processes. Additionally, system administrators should consider implementing application whitelisting policies that restrict execution of unauthorized binaries during client operations and conduct regular security assessments to identify similar permission-related vulnerabilities in other software components.