CVE-2020-5291: Incorrect Use of Privileged APIs in Bubblewrap

Severity
NVD: 7.8 HIGH
CNA: 7.2
EPSS: 0.2% (top 59.03%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 31
Latest update: Apr 13

Description

In Bubblewrap (bwrap) before version 0.4.1, if bwrap is installed in setuid mode and the kernel supports unprivileged user namespaces, the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that this only affects the combination of bubblewrap in setuid mode (which is typically used when unprivileged user namespaces are not supported) and the support of unprivileged user namespaces. Known to

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

CVEListV5: containers/bubblewrap < 0.4.1
NVD: centos/centos 7.0

Also affects: Debian Linux 10.0

Patches

🔴 Vulnerability Details (2)

OSV: CVE-2020-5291: Bubblewrap (bwrap) before version 0 (2020-03-31)
CVEList: Privilege escalation in setuid mode via user namespaces in Bubblewrap (2020-03-31)

📋 Vendor Advisories (3)

Red Hat: bubblewrap: privilege escalation in some kernel configurations (2020-03-31)
Microsoft: Privilege escalation in setuid mode via user namespaces in Bubblewrap (2020-03-10)
Debian: CVE-2020-5291: bubblewrap - Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the ker... (2020)

💬 Community (3)

Bugzilla: CVE-2020-5291 bubblewrap: privilege escalation in some kernel configurations [epel-7] (2020-04-13)
Bugzilla: CVE-2020-5291 bubblewrap: privilege escalation in some kernel configurations [fedora-all] (2020-04-13)
Bugzilla: CVE-2020-5291 bubblewrap: privilege escalation in some kernel configurations (2020-04-13)
CVE-2020-5291 — Incorrect Use of Privileged APIs | cvebase