Launchpad.net

CVE 2021-42762

BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133.

Related bugs and status

CVE-2021-42762 (Candidate) is related to these bugs:

Bug #1970779: Upgrade to 2.36.7 for Focal and Jammy

		In	Importance	Status
1970779	Upgrade to 2.36.7 for Focal and Jammy	wpewebkit (Ubuntu)	Medium	Incomplete
1970779	Upgrade to 2.36.7 for Focal and Jammy	wpewebkit (Ubuntu Jammy)	Undecided	Confirmed
1970779	Upgrade to 2.36.7 for Focal and Jammy	wpewebkit (Ubuntu Focal)	Undecided	Confirmed

Bug #1970783: Multiple vulnerabilities in Bionic

Summary				In	Importance	Status
	1970783	Multiple vulnerabilities in Bionic		webkit2gtk (Ubuntu)	Wishlist	Won't Fix

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2021-42762

Related bugs and status

Related bugs

References