Bubblewrap prior to 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bubblewrap project bubblewrap |