CVE-2023-28100: TIOCLINUX can send commands outside sandbox if running on a virtual console
Bug #2063035 reported by Simon McVittie
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
flatpak (Ubuntu) | New | Undecided | Unassigned |
Bug Description
https:/
Fixed in 1.15.4, 1.10.x >= 1.10.8, 1.12.x >= 1.12.8, 1.14.x >= 1.14.4. At the time of writing, mantic and noble are OK but jammy, focal and bionic are likely to be vulnerable.
(This is a relatively low-impact vulnerability because it's unusual to run flatpak from a Linux virtual console.)
CVE References
information type: Private Security → Public Security