CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
51.1%
It was discovered that the snap sandbox did not restrict the use of the
ioctl system call with a TIOCLINUX request. This could be exploited by a
malicious snap to inject commands into the controlling terminal which would
then be executed outside of the snap sandbox once the snap had exited. This
could allow an attacker to execute arbitrary commands outside of the
confined snap sandbox. Note: graphical terminal emulators like xterm,
gnome-terminal and others are not affected - this can only be exploited
when snaps are run on a virtual console.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 23.04 | noarch | snapd | < 2.59.1+23.04ubuntu1.1 | UNKNOWN |
Ubuntu | 23.04 | noarch | golang-github-snapcore-snapd-dev | < 2.59.1+23.04ubuntu1.1 | UNKNOWN |
Ubuntu | 23.04 | noarch | golang-github-ubuntu-core-snappy-dev | < 2.59.1+23.04ubuntu1.1 | UNKNOWN |
Ubuntu | 23.04 | noarch | snap-confine | < 2.59.1+23.04ubuntu1.1 | UNKNOWN |
Ubuntu | 23.04 | noarch | snapd-dbgsym | < 2.59.1+23.04ubuntu1.1 | UNKNOWN |
Ubuntu | 23.04 | noarch | snapd-xdg-open | < 2.59.1+23.04ubuntu1.1 | UNKNOWN |
Ubuntu | 23.04 | noarch | ubuntu-core-launcher | < 2.59.1+23.04ubuntu1.1 | UNKNOWN |
Ubuntu | 23.04 | noarch | ubuntu-core-snapd-units | < 2.59.1+23.04ubuntu1.1 | UNKNOWN |
Ubuntu | 23.04 | noarch | ubuntu-snappy | < 2.59.1+23.04ubuntu1.1 | UNKNOWN |
Ubuntu | 23.04 | noarch | ubuntu-snappy-cli | < 2.59.1+23.04ubuntu1.1 | UNKNOWN |