Lucene search

K
cve[email protected]CVE-2021-41133
HistoryOct 08, 2021 - 2:15 p.m.

CVE-2021-41133

2021-10-0814:15:08
CWE-20
web.nvd.nist.gov
205
14
flatpak
linux
sandbox
security
cve-2021-41133
vulnerability
patch

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

6.3 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process. They can do this by manipulating the VFS using recent mount-related syscalls that are not blocked by Flatpak’s denylist seccomp filter, in order to substitute a crafted /.flatpak-info or make that file disappear entirely. Flatpak apps that act as clients for AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can escalate the privileges that the corresponding services will believe the Flatpak app has. Note that protocols that operate entirely over the D-Bus session bus (user bus), system bus or accessibility bus are not affected by this. This is due to the use of a proxy process xdg-dbus-proxy, whose VFS cannot be manipulated by the Flatpak app, when interacting with these buses. Patches exist for versions 1.10.4 and 1.12.0, and as of time of publication, a patch for version 1.8.2 is being planned. There are no workarounds aside from upgrading to a patched version.

Affected configurations

Vulners
NVD
Node
flatpakflatpakRange1.8.0–1.8.2
OR
flatpakflatpakRange1.10.0–1.10.4
OR
flatpakflatpakRange1.11.0–1.12.0
VendorProductVersionCPE
flatpakflatpak*cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*
flatpakflatpak*cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*
flatpakflatpak*cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "flatpak",
    "product": "flatpak",
    "versions": [
      {
        "version": ">= 1.8.0, <= 1.8.2",
        "status": "affected"
      },
      {
        "version": ">= 1.10.0, < 1.10.4",
        "status": "affected"
      },
      {
        "version": ">= 1.11.0, < 1.12.0",
        "status": "affected"
      }
    ]
  }
]

References

Social References

More

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

6.3 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%