TIOCLINUX can send commands outside sandbox if running on a virtual console
CVE-2023-28100

10CRITICAL

Key Information:

Vendor

Flatpak

Status
Flatpak
Vendor
CVE Published:
16 March 2023

What is CVE-2023-28100?

A vulnerability in Flatpak allows a malicious application running in a Linux virtual console to manipulate the command buffer. Using the TIOCLINUX ioctl command, an attacker can copy text from the virtual console and execute unintended commands after the Flatpak app's termination. This issue is specific to virtual consoles such as /dev/tty1, whereas normal terminal emulators remain unaffected. Users are encouraged to update to patched versions or avoid running Flatpak applications in these environments.

Affected Version(s)

flatpak < 1.10.8 < 1.10.8

flatpak >= 1.12.0, < 1.12.8 < 1.12.0, 1.12.8

flatpak >= 1.14.0, < 1.14.4 < 1.14.0, 1.14.4

References

https://github.com/flatpak/flatpak/security/advisories/GH...
x_refsource_CONFIRM
https://github.com/flatpak/flatpak/commit/8e63de9a7d3124f...
x_refsource_MISC
https://marc.info/?l=oss-security&m=167879021709955&w=2
x_refsource_MISC

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.