CVE-2023-1523

CWE-74 CWE-269 — Improper Privilege Management7 documents7 sources

Severity

10.0CRITICAL

EPSS

0.1%

top 68.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Canonical Snapd Canonical Ubuntu Linux

Timeline

PublishedSep 1

Description

Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages2 packages

▶NVDcanonical/snapd< 2.59.5

▶Debiansnapd< 2.59.5-1+1

Also affects: Ubuntu Linux 16.04, 18.04, 20.04, 22.04, 22.10, 23.04

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-55wx-23fj-c2v5: Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arb↗2023-09-01

▶

CVEList

CVE-2023-1523: Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arb↗2023-09-01

▶

OSV

CVE-2023-1523: Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arb↗2023-09-01

▶

GHSA

Ineffective privileges drop when requesting container network↗2023-07-25

▶

📋Vendor Advisories

Ubuntu

snapd vulnerability↗2023-05-31

▶

Debian

CVE-2023-1523: snapd - Using the TIOCLINUX ioctl request, a malicious snap could inject contents into t...↗2023

▶