2236890 – (CVE-2023-1523) CVE-2023-1523 snapd: code exec via TIOCLINUX ioctl request

Bug 2236890 (CVE-2023-1523) - CVE-2023-1523 snapd: code exec via TIOCLINUX ioctl request

Summary: CVE-2023-1523 snapd: code exec via TIOCLINUX ioctl request

Keywords:
Status:	NEW
Alias:	CVE-2023-1523
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2236891 2236892
Blocks:
TreeView+	depends on / blocked

Reported:	2023-09-01 21:36 UTC by Chess Hazlett
Modified:	2023-09-01 21:36 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Chess Hazlett 2023-09-01 21:36:41 UTC

Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console.

https://ubuntu.com/security/notices/USN-6125-1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523
https://github.com/snapcore/snapd/pull/12849
https://marc.info/?l=oss-security&m=167879021709955&w=2

Comment 1 Chess Hazlett 2023-09-01 21:36:57 UTC

Created snapd tracking bugs for this issue:

Affects: epel-all [bug 2236891]
Affects: fedora-all [bug 2236892]

Note You need to log in before you can comment on or make changes to this bug.