Published: 31/03/2020 Updated: 02/04/2020
CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Summary

Bubblewrap could allow a remote authenticated malicious user to gain elevated privileges on the system, caused by a flaw in the setuid mode. By using a specially crafted namespace, an attacker could exploit this vulnerability to gain root permissions.

Vulnerable Product

projectatomic bubblewrap

debian debian linux 10.0

archlinux arch linux -

centos centos 7.0

Vendor Advisories

Debian Bug report logs - #955441 CVE-2020-5291, GHSA-j2qp-rvxj-43vj: privilege escalation in some kernel configurations Package: bubblewrap; Maintainer for bubblewrap is Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>; Source for bubblewrap is src:bubblewrap Reported by: Simon M ...