Snapd seccomp filter TIOCSTI ioctl bypass
CVE-2019-7303

5.7MEDIUM

Key Information:

Vendor: Canonical
Status: Snapd
Vendor: CVE Published:; 21 March 2019

Summary

A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit platform; however, the Linux kernel only uses the lower 32 bits to determine which ioctl(2) commands to run. This issue affects: Canonical snapd versions prior to 2.37.4.

Affected Version(s)

snapd < 2.37.4

References

https://usn.ubuntu.com/3917-1/

x_refsource_MISC

https://www.exploit-db.com/exploits/46594

x_refsource_MISC

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 21, 2019
Vulnerability Reserved
Feb 1, 2019

Credit

Jann Horn