CVE-2016-9016
Published 2017-01-19
CVE-2016-9016: Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
Priority P3 · 43 · high · 8.8 (CVSS 3.0)
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.35% (26.9th percentile)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firejail | < firejail 0.9.44-1 (bookworm) | firejail 0.9.44-1 (bookworm) |
| firejail_project | firejail | — | — |
| firejail_project | firejail | >= 0 < 0.9.44-1 | 0.9.44-1 |
| firejail_project | firejail | >= 0 < 0.9.44-1 | 0.9.44-1 |
| firejail_project | firejail | >= 0 < 0.9.44-1 | 0.9.44-1 |
| firejail_project | firejail | >= 0 < 0.9.44-1 | 0.9.44-1 |
CVSS provenance
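| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| osv | | 8.8 | HIGH | |
| vendor_debian | | 8.8 | HIGH | |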
Debian
CVE-2016-9016: firejail - Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of th...
vendor_debian·2016·CVSS 8.8
CVE-2016-9016 [HIGH] CVE-2016-9016: firejail - Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of th...
Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
Scope: local
bookworm: resolved (fixed in 0.9.44-1)
bullseye: resolved (fixed in 0.9.44-1)
forky: resolved (fixed in 0.9.44-1)
sid: resolved (fixed in 0.9.44-1)
trixie: resolved (fixed in 0.9.44-1)
VulDB
Firejail 0.9.38.4 Sandbox IOCTL Call access control (BID-93899)
vuldb·2026-05-14·CVSS 8.8
CVE-2016-9016 [HIGH] Firejail 0.9.38.4 Sandbox IOCTL Call access control (BID-93899)
A vulnerability labeled as problematic has been found in Firejail 0.9.38.4. This impacts an unknown function of the component Sandbox. The manipulation as part of IOCTL Call results in improper access controls.
This vulnerability is reported as CVE-2016-9016. The attack requires a local approach. No exploit exists.
GHSA
GHSA-5wqv-pw8v-69qc: Firejail 0
ghsa_unreviewed·2022-05-17
CVE-2016-9016 [HIGH] CWE-284 GHSA-5wqv-pw8v-69qc: Firejail 0
Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
OSV
CVE-2016-9016: Firejail 0
osv·2017-01-19·CVSS 8.8
CVE-2016-9016 [HIGH] CVE-2016-9016: Firejail 0
Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2017-01-19