CVE-2017-5226

Published: 29/03/2017 Updated: 17/03/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing a malicious user to escape the sandbox.

Vulnerable Product

projectatomic bubblewrap

Vendor Advisories

Synopsis: Important: flatpak security update. Type/Severity: Security Advisory: Important. Topic: An update for flatpak is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis: Important: flatpak security update. Type/Severity: Security Advisory: Important. Topic: An update for flatpak is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Debian Bug report logs - #1033099: flatpak: CVE-2023-28100: TIOCLINUX can send commands outside sandbox if running on a virtual console. Package: flatpak; Maintainer for flatpak is Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>; Source for flatpak is src:flatpak (PTS, buildd, popcon). Reported by: Simo ...
Debian Bug report logs - #925541: CVE-2019-10063: incomplete TIOCSTI filtering, similar to snapd's CVE-2019-7303. Package: flatpak; Maintainer for flatpak is Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>; Source for flatpak is src:flatpak (PTS, buildd, popcon). Reported by: Simon McVittie <smcv@deb ...
Debian Bug report logs - #850702: CVE-2017-5226 -- bubblewrap escape. Package: bubblewrap; Maintainer for bubblewrap is Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>; Source for bubblewrap is src:bubblewrap (PTS, buildd, popcon). Reported by: up201407890@alunosdccfcuppt Date: Mon, 9 Jan 2017 13 ...

Github Repositories

Low-level unprivileged sandboxing tool used by Flatpak and similar projects

Bubblewrap: Many container runtime tools like systemd-nspawn, docker, etc. focus on providing infrastructure for system administrators and orchestration tools (e.g. Kubernetes) to run containers. These tools are not suitable to give to unprivileged users, because it is trivial to turn such access into a fully privileged root shell on the host. User namespaces: There is an effort