Bug 2179220 (CVE-2023-28100)
Summary: | CVE-2023-28100 flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Sandipan Roy <saroy> |
Component: | vulnerability | Assignee: | Nobody <nobody> |
Status: | NEW --- | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | debarshir |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A flaw was found in Flatpak, a system for building, distributing, and running sandboxed desktop applications on Linux. It contains a vulnerability similar to CVE-2017-5226 but using the `TIOCLINUX` ioctl command instead of `TIOCSTI.` If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal, and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2`, and others.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2179221, 2179222, 2180311, 2180312 | ||
Bug Blocks: | 2179174 |
Description
Sandipan Roy
2023-03-17 05:05:05 UTC
Created flatpak tracking bugs for this issue: Affects: fedora-36 [bug 2179221] Affects: fedora-37 [bug 2179222] This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6518 https://access.redhat.com/errata/RHSA-2023:6518 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:7038 https://access.redhat.com/errata/RHSA-2023:7038 |