Vulnerability Description
When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Projectatomic | Bubblewrap | <= 0.1.5 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2020/07/10/1
- http://www.openwall.com/lists/oss-security/2023/03/17/1
- http://www.securityfocus.com/bid/97260Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=1411811Issue TrackingPatch
- https://github.com/projectatomic/bubblewrap/commit/d7fc532c42f0e9bf427923bab8543Patch
- https://github.com/projectatomic/bubblewrap/issues/142ExploitPatchVendor Advisory
- https://www.openwall.com/lists/oss-security/2023/03/14/2
- http://www.openwall.com/lists/oss-security/2020/07/10/1
- http://www.openwall.com/lists/oss-security/2023/03/17/1
- http://www.securityfocus.com/bid/97260Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=1411811Issue TrackingPatch
- https://github.com/projectatomic/bubblewrap/commit/d7fc532c42f0e9bf427923bab8543Patch
- https://github.com/projectatomic/bubblewrap/issues/142ExploitPatchVendor Advisory
- https://www.openwall.com/lists/oss-security/2023/03/14/2
FAQ
What is CVE-2017-5226?
CVE-2017-5226 is a vulnerability with a CVSS score of 10.0 (CRITICAL). When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an at...
How severe is CVE-2017-5226?
CVE-2017-5226 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-5226?
Check the references section above for vendor advisories and patch information. Affected products include: Projectatomic Bubblewrap.