CVE-2021-41133

Flatpak is a system for building, distributing, and running sandboxed
desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0,
Flatpak apps with direct access to AF_UNIX sockets such as those used by
Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS
services into treating the Flatpak app as though it was an ordinary,
non-sandboxed host-OS process. They can do this by manipulating the VFS
using recent mount-related syscalls that are not blocked by Flatpak’s
denylist seccomp filter, in order to substitute a crafted /.flatpak-info
or make that file disappear entirely. Flatpak apps that act as clients for
AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse
can escalate the privileges that the corresponding services will believe
the Flatpak app has. Note that protocols that operate entirely over the
D-Bus session bus (user bus), system bus or accessibility bus are not
affected by this. This is due to the use of a proxy process
xdg-dbus-proxy, whose VFS cannot be manipulated by the Flatpak app, when
interacting with these buses. Patches exist for versions 1.10.4 and 1.12.0,
and as of time of publication, a patch for version 1.8.2 is being planned.
There are no workarounds aside from upgrading to a patched version.

Bugs

• <https://bugs.launchpad.net/ubuntu/+source/flatpak/+bug/1946578&gt;
• <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995935&gt;

Notes