CVE-2017-5226

When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Affected Products (NVD)
VendorProductVersion
projectatomicbubblewrap
𝑥
≤ 0.1.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
bubblewrap
bookworm
0.8.0-2+deb12u1
fixed
bookworm (security)
0.8.0-2+deb12u1
fixed
bullseye
0.4.1-3
fixed
sid
0.11.0-1
fixed
trixie
0.11.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
bubblewrap
artful
ignored
bionic
not-affected
precise
dne
trusty
dne
xenial
dne
yakkety
ignored
zesty
ignored
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
bubblewrap
suse enterprise desktop 15
0.2.0-1.49
fixed
suse enterprise desktop 15 SP1
0.3.1-4.31
fixed
suse enterprise desktop 15 SP5
0.7.0-150500.1.1
fixed
suse enterprise desktop 15 SP6
0.8.0-150500.3.3.1
fixed
suse enterprise desktop 15 SP7
0.11.0-150500.3.9.1
fixed
suse enterprise sap 15
0.2.0-1.49
fixed
suse enterprise sap 15 SP1
0.3.1-4.31
fixed
suse enterprise sap 15 SP5
0.7.0-150500.1.1
fixed
suse enterprise sap 15 SP6
0.8.0-150500.3.3.1
fixed
suse enterprise sap 15 SP7
0.11.0-150500.3.9.1
fixed
suse enterprise server 15
0.2.0-1.49
fixed
suse enterprise server 15 SP1
0.3.1-4.31
fixed
suse enterprise server 15 SP5
0.7.0-150500.1.1
fixed
suse enterprise server 15 SP6
0.8.0-150500.3.3.1
fixed
suse enterprise server 15 SP7
0.11.0-150500.3.9.1
fixed
bubblewrap-zsh-completion
suse enterprise desktop 15 SP5
0.7.0-150500.1.1
fixed
suse enterprise desktop 15 SP6
0.8.0-150500.3.3.1
fixed
suse enterprise desktop 15 SP7
0.11.0-150500.3.9.1
fixed
suse enterprise sap 15 SP5
0.7.0-150500.1.1
fixed
suse enterprise sap 15 SP6
0.8.0-150500.3.3.1
fixed
suse enterprise sap 15 SP7
0.11.0-150500.3.9.1
fixed
suse enterprise server 15 SP5
0.7.0-150500.1.1
fixed
suse enterprise server 15 SP6
0.8.0-150500.3.3.1
fixed
suse enterprise server 15 SP7
0.11.0-150500.3.9.1
fixed
flatpak
suse enterprise desktop 15
0.10.4-2.42
fixed
suse enterprise desktop 15 SP1
1.2.3-2.12
fixed
suse enterprise desktop 15 SP2
1.6.3-2.7
fixed
suse enterprise desktop 15 SP3
1.10.2-4.6.1
fixed
suse enterprise desktop 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise desktop 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise desktop 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise desktop 15 SP7
1.16.0-150600.3.6.1
fixed
suse enterprise sap 15
0.10.4-2.42
fixed
suse enterprise sap 15 SP1
1.2.3-2.12
fixed
suse enterprise sap 15 SP2
1.6.3-2.7
fixed
suse enterprise sap 15 SP3
1.10.2-4.6.1
fixed
suse enterprise sap 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise sap 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise sap 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise sap 15 SP7
1.16.0-150600.3.6.1
fixed
suse enterprise server 15
0.10.4-2.42
fixed
suse enterprise server 15 SP1
1.2.3-2.12
fixed
suse enterprise server 15 SP2
1.6.3-2.7
fixed
suse enterprise server 15 SP3
1.10.2-4.6.1
fixed
suse enterprise server 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise server 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise server 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise server 15 SP7
1.16.0-150600.3.6.1
fixed
flatpak-devel
suse enterprise desktop 15
0.10.4-2.42
fixed
suse enterprise desktop 15 SP1
1.2.3-2.12
fixed
suse enterprise desktop 15 SP2
1.6.3-2.7
fixed
suse enterprise desktop 15 SP3
1.10.2-4.6.1
fixed
suse enterprise desktop 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise desktop 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise desktop 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise desktop 15 SP7
1.16.0-150600.3.6.1
fixed
suse enterprise sap 15
0.10.4-2.42
fixed
suse enterprise sap 15 SP1
1.2.3-2.12
fixed
suse enterprise sap 15 SP2
1.6.3-2.7
fixed
suse enterprise sap 15 SP3
1.10.2-4.6.1
fixed
suse enterprise sap 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise sap 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise sap 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise sap 15 SP7
1.16.0-150600.3.6.1
fixed
suse enterprise server 15
0.10.4-2.42
fixed
suse enterprise server 15 SP1
1.2.3-2.12
fixed
suse enterprise server 15 SP2
1.6.3-2.7
fixed
suse enterprise server 15 SP3
1.10.2-4.6.1
fixed
suse enterprise server 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise server 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise server 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise server 15 SP7
1.16.0-150600.3.6.1
fixed
flatpak-remote-flathub
suse enterprise desktop 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise desktop 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise desktop 15 SP7
1.16.0-150600.3.6.1
fixed
suse enterprise sap 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise sap 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise sap 15 SP7
1.16.0-150600.3.6.1
fixed
suse enterprise server 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise server 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise server 15 SP7
1.16.0-150600.3.6.1
fixed
flatpak-zsh-completion
suse enterprise desktop 15 SP1
1.2.3-2.12
fixed
suse enterprise desktop 15 SP2
1.6.3-2.7
fixed
suse enterprise desktop 15 SP3
1.10.2-4.6.1
fixed
suse enterprise desktop 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise desktop 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise desktop 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise desktop 15 SP7
1.16.0-150600.3.6.1
fixed
suse enterprise sap 15 SP1
1.2.3-2.12
fixed
suse enterprise sap 15 SP2
1.6.3-2.7
fixed
suse enterprise sap 15 SP3
1.10.2-4.6.1
fixed
suse enterprise sap 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise sap 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise sap 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise sap 15 SP7
1.16.0-150600.3.6.1
fixed
suse enterprise server 15 SP1
1.2.3-2.12
fixed
suse enterprise server 15 SP2
1.6.3-2.7
fixed
suse enterprise server 15 SP3
1.10.2-4.6.1
fixed
suse enterprise server 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise server 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise server 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise server 15 SP7
1.16.0-150600.3.6.1
fixed
libflatpak0
suse enterprise desktop 15
0.10.4-2.42
fixed
suse enterprise desktop 15 SP1
1.2.3-2.12
fixed
suse enterprise desktop 15 SP2
1.6.3-2.7
fixed
suse enterprise desktop 15 SP3
1.10.2-4.6.1
fixed
suse enterprise desktop 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise desktop 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise desktop 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise desktop 15 SP7
1.16.0-150600.3.6.1
fixed
suse enterprise sap 15
0.10.4-2.42
fixed
suse enterprise sap 15 SP1
1.2.3-2.12
fixed
suse enterprise sap 15 SP2
1.6.3-2.7
fixed
suse enterprise sap 15 SP3
1.10.2-4.6.1
fixed
suse enterprise sap 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise sap 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise sap 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise sap 15 SP7
1.16.0-150600.3.6.1
fixed
suse enterprise server 15
0.10.4-2.42
fixed
suse enterprise server 15 SP1
1.2.3-2.12
fixed
suse enterprise server 15 SP2
1.6.3-2.7
fixed
suse enterprise server 15 SP3
1.10.2-4.6.1
fixed
suse enterprise server 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise server 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise server 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise server 15 SP7
1.16.0-150600.3.6.1
fixed
system-user-flatpak
suse enterprise desktop 15 SP2
1.6.3-2.7
fixed
suse enterprise desktop 15 SP3
1.10.2-4.6.1
fixed
suse enterprise desktop 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise desktop 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise desktop 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise desktop 15 SP7
1.16.0-150600.3.6.1
fixed
suse enterprise sap 15 SP2
1.6.3-2.7
fixed
suse enterprise sap 15 SP3
1.10.2-4.6.1
fixed
suse enterprise sap 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise sap 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise sap 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise sap 15 SP7
1.16.0-150600.3.6.1
fixed
suse enterprise server 15 SP2
1.6.3-2.7
fixed
suse enterprise server 15 SP3
1.10.2-4.6.1
fixed
suse enterprise server 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise server 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise server 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise server 15 SP7
1.16.0-150600.3.6.1
fixed
typelib-1_0-Flatpak-1_0
suse enterprise desktop 15
0.10.4-2.42
fixed
suse enterprise desktop 15 SP1
1.2.3-2.12
fixed
suse enterprise desktop 15 SP2
1.6.3-2.7
fixed
suse enterprise desktop 15 SP3
1.10.2-4.6.1
fixed
suse enterprise desktop 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise desktop 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise desktop 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise desktop 15 SP7
1.16.0-150600.3.6.1
fixed
suse enterprise sap 15
0.10.4-2.42
fixed
suse enterprise sap 15 SP1
1.2.3-2.12
fixed
suse enterprise sap 15 SP2
1.6.3-2.7
fixed
suse enterprise sap 15 SP3
1.10.2-4.6.1
fixed
suse enterprise sap 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise sap 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise sap 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise sap 15 SP7
1.16.0-150600.3.6.1
fixed
suse enterprise server 15
0.10.4-2.42
fixed
suse enterprise server 15 SP1
1.2.3-2.12
fixed
suse enterprise server 15 SP2
1.6.3-2.7
fixed
suse enterprise server 15 SP3
1.10.2-4.6.1
fixed
suse enterprise server 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise server 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise server 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise server 15 SP7
1.16.0-150600.3.6.1
fixed
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2020/07/10/1
http://www.openwall.com/lists/oss-security/2023/03/17/1
http://www.securityfocus.com/bid/97260
https://bugzilla.redhat.com/show_bug.cgi?id=1411811
https://github.com/projectatomic/bubblewrap/commit/d7fc532c42f0e9bf427923bab85433282b3e5117
https://github.com/projectatomic/bubblewrap/issues/142
https://www.openwall.com/lists/oss-security/2023/03/14/2
http://www.openwall.com/lists/oss-security/2020/07/10/1
http://www.openwall.com/lists/oss-security/2023/03/17/1
http://www.securityfocus.com/bid/97260
https://bugzilla.redhat.com/show_bug.cgi?id=1411811
https://github.com/projectatomic/bubblewrap/commit/d7fc532c42f0e9bf427923bab85433282b3e5117
https://github.com/projectatomic/bubblewrap/issues/142
https://www.openwall.com/lists/oss-security/2023/03/14/2