7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
11.9%
Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and
the kernel supports unprivileged user namespaces, then the bwrap --userns2
option can be used to make the setuid process keep running as
root while being traceable. This can in turn be used to gain root
permissions. Note that this only affects the combination of bubblewrap in
setuid mode (which is typically used when unprivileged user namespaces are
not supported) and the support of unprivileged user namespaces. Known to be
affected are: * Debian testing/unstable, if unprivileged user namespaces
enabled (not default) * Debian buster-backports, if unprivileged user
namespaces enabled (not default) * Arch if using linux-hardened
, if
unprivileged user namespaces enabled (not default) * Centos 7 flatpak COPR,
if unprivileged user namespaces enabled (not default) This has been fixed
in the 0.4.1 release, and all affected users should update.
Author | Note |
---|---|
seth-arnold | Bubblewrap isn’t installed setuid by default on Ubuntu |
mdeslaur | introduced in 0.4.0 |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | bubblewrap | < 0.4.0-1ubuntu4 | UNKNOWN |
ubuntu | 20.10 | noarch | bubblewrap | < 0.4.0-1ubuntu4 | UNKNOWN |
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
11.9%