Published: 26/03/2019 Updated: 13/05/2019

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 9 | Impact Score: 6 | Exploitability Score: 2.2

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Flatpak prior to 1.0.8, 1.1.x and 1.2.x prior to 1.2.4, and 1.3.x prior to 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlling terminal so that they would be executed outside the sandbox after the sandboxed app exits. This fix was incomplete: on 64-bit platforms, the seccomp filter could be bypassed by an ioctl request number that has TIOCSTI in its 32 least significant bits and an arbitrary nonzero value in its 32 most significant bits, which the Linux kernel would treat as equivalent to TIOCSTI.

Vulnerable Product	Search on Vulmon	Subscribe to Product
flatpak flatpak
flatpak flatpak 1.3.0

Debian Bug report logs - #925541 CVE-2019-10063: incomplete TIOCSTI filtering, similar to snapd's CVE-2019-7303 Package: flatpak; Maintainer for flatpak is Utopia Maintenance Team <pkg-utopia-maintainers@listsaliothdebianorg>; Source for flatpak is src:flatpak (PTS, buildd, popcon) Reported by: Simon McVittie <smcv@deb ...

Synopsis Important: flatpak security update Type/Severity Security Advisory: Important Topic An update for flatpak is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...

Synopsis Important: flatpak security update Type/Severity Security Advisory: Important Topic An update for flatpak is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...

Flatpak allows a sandbox bypass Flatpak versions since 081 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlling terminal so that they would be executed outside the sandbox after the sandboxed app exits This fix was incomplete ...

Impact: Important Public Date: 2019-03-22 CWE: CWE-266 Bugzilla: 1695973: CVE-2019-10063 flatpack: Sand ...

Flatpak before 108, 11x and 12x before 124, and 13x before 131 allows a sandbox bypass Flatpak versions since 081 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlling terminal so that they would be executed outside ...

CWE-20 https://github.com/flatpak/flatpak/issues/2782 https://access.redhat.com/errata/RHSA-2019:1024 https://access.redhat.com/errata/RHSA-2019:1143 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925541 https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALAS-2019-1219.html

CVE-2019-10063

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect