CVE-2017-5226
published 2017-03-29

Priority: P348, critical, 10 (CVSS 3.0)
Vector: AV:N / AC:L / PR:N / UI:N / S:C / C:H / I:H / A:H
EPSS: 3.17% (86.4th percentile)
When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox.

Affected

38 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| debian | bubblewrap | < bubblewrap 0.1.5-2 (bookworm) | bubblewrap 0.1.5-2 (bookworm) |
| debian | debian_linux | | |
| debian | flatpak | < flatpak 1.2.3-2 (bookworm) | flatpak 1.2.3-2 (bookworm) |
| debian | flatpak | < flatpak 1.14.4-1 (bookworm) | flatpak 1.14.4-1 (bookworm) |
| debian | webkit2gtk | < webkit2gtk 2.28.3-1 (bookworm) | webkit2gtk 2.28.3-1 (bookworm) |
| debian | wpewebkit | < webkit2gtk 2.28.3-1 (bookworm) | webkit2gtk 2.28.3-1 (bookworm) |
| fedoraproject | fedora | | |
| flatpak | flatpak | < 1.10.8 | 1.10.8 |
| flatpak | flatpak | < 1.10.8 | 1.10.8 |
| flatpak | flatpak | < 1.0.8 | 1.0.8 |
| flatpak | flatpak | | |
| flatpak | flatpak | | |
| flatpak | flatpak | | |
| flatpak | flatpak | | |
| flatpak | flatpak | >= 0 < 1.10.8-0+deb11u1 | 1.10.8-0+deb11u1 |
| flatpak | flatpak | >= 0 < 1.2.3-2 | 1.2.3-2 |
| flatpak | flatpak | >= 0 < 1.14.4-1 | 1.14.4-1 |
| flatpak | flatpak | >= 0 < 1.2.3-2 | 1.2.3-2 |
| flatpak | flatpak | >= 0 < 1.14.4-1 | 1.14.4-1 |
| flatpak | flatpak | >= 0 < 1.2.3-2 | 1.2.3-2 |
| flatpak | flatpak | >= 0 < 1.14.4-1 | 1.14.4-1 |
| flatpak | flatpak | >= 0 < 1.2.3-2 | 1.2.3-2 |

CVSS provenance

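| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 10.0 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 10.0 | CRITICAL | |
| vendor_debian | | 10.0 | CRITICAL | |
| vendor_redhat | | 10.0 | CRITICAL | |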