CVE-2019-10063

Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlling terminal so that they would be executed outside the sandbox after the sandboxed app exits. This fix was incomplete: on 64-bit platforms, the seccomp filter could be bypassed by an ioctl request number that has TIOCSTI in its 32 least significant bits and an arbitrary nonzero value in its 32 most significant bits, which the Linux kernel would treat as equivalent to TIOCSTI.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9 CRITICAL
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
Affected Products (NVD)
VendorProductVersion
flatpakflatpak
𝑥
< 1.0.8
flatpakflatpak
1.1.0 ≤
𝑥
≤ 1.1.3
flatpakflatpak
1.2.0 ≤
𝑥
< 1.2.4
flatpakflatpak
1.3.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
flatpak
bookworm
1.14.10-1~deb12u1
fixed
bookworm (security)
1.14.10-1~deb12u1
fixed
bullseye
1.10.8-0+deb11u2
fixed
bullseye (security)
1.10.8-0+deb11u2
fixed
sid
1.14.10-1
fixed
trixie
1.14.10-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
flatpak
bionic
Fixed 1.0.8-0ubuntu0.18.04.1
released
cosmic
Fixed 1.0.8-0ubuntu0.18.10.1
released
disco
not-affected
trusty
dne
xenial
dne
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
flatpak
suse enterprise desktop 15 SP1
1.2.3-2.12
fixed
suse enterprise desktop 15 SP2
1.6.3-2.7
fixed
suse enterprise desktop 15 SP3
1.10.2-4.6.1
fixed
suse enterprise desktop 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise desktop 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise desktop 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise desktop 15 SP7
1.16.0-150600.3.6.1
fixed
suse enterprise sap 15 SP1
1.2.3-2.12
fixed
suse enterprise sap 15 SP2
1.6.3-2.7
fixed
suse enterprise sap 15 SP3
1.10.2-4.6.1
fixed
suse enterprise sap 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise sap 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise sap 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise sap 15 SP7
1.16.0-150600.3.6.1
fixed
suse enterprise server 15 SP1
1.2.3-2.12
fixed
suse enterprise server 15 SP2
1.6.3-2.7
fixed
suse enterprise server 15 SP3
1.10.2-4.6.1
fixed
suse enterprise server 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise server 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise server 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise server 15 SP7
1.16.0-150600.3.6.1
fixed
flatpak-devel
suse enterprise desktop 15 SP1
1.2.3-2.12
fixed
suse enterprise desktop 15 SP2
1.6.3-2.7
fixed
suse enterprise desktop 15 SP3
1.10.2-4.6.1
fixed
suse enterprise desktop 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise desktop 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise desktop 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise desktop 15 SP7
1.16.0-150600.3.6.1
fixed
suse enterprise sap 15 SP1
1.2.3-2.12
fixed
suse enterprise sap 15 SP2
1.6.3-2.7
fixed
suse enterprise sap 15 SP3
1.10.2-4.6.1
fixed
suse enterprise sap 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise sap 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise sap 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise sap 15 SP7
1.16.0-150600.3.6.1
fixed
suse enterprise server 15 SP1
1.2.3-2.12
fixed
suse enterprise server 15 SP2
1.6.3-2.7
fixed
suse enterprise server 15 SP3
1.10.2-4.6.1
fixed
suse enterprise server 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise server 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise server 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise server 15 SP7
1.16.0-150600.3.6.1
fixed
flatpak-remote-flathub
suse enterprise desktop 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise desktop 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise desktop 15 SP7
1.16.0-150600.3.6.1
fixed
suse enterprise sap 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise sap 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise sap 15 SP7
1.16.0-150600.3.6.1
fixed
suse enterprise server 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise server 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise server 15 SP7
1.16.0-150600.3.6.1
fixed
flatpak-zsh-completion
suse enterprise desktop 15 SP1
1.2.3-2.12
fixed
suse enterprise desktop 15 SP2
1.6.3-2.7
fixed
suse enterprise desktop 15 SP3
1.10.2-4.6.1
fixed
suse enterprise desktop 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise desktop 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise desktop 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise desktop 15 SP7
1.16.0-150600.3.6.1
fixed
suse enterprise sap 15 SP1
1.2.3-2.12
fixed
suse enterprise sap 15 SP2
1.6.3-2.7
fixed
suse enterprise sap 15 SP3
1.10.2-4.6.1
fixed
suse enterprise sap 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise sap 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise sap 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise sap 15 SP7
1.16.0-150600.3.6.1
fixed
suse enterprise server 15 SP1
1.2.3-2.12
fixed
suse enterprise server 15 SP2
1.6.3-2.7
fixed
suse enterprise server 15 SP3
1.10.2-4.6.1
fixed
suse enterprise server 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise server 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise server 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise server 15 SP7
1.16.0-150600.3.6.1
fixed
libflatpak0
suse enterprise desktop 15 SP1
1.2.3-2.12
fixed
suse enterprise desktop 15 SP2
1.6.3-2.7
fixed
suse enterprise desktop 15 SP3
1.10.2-4.6.1
fixed
suse enterprise desktop 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise desktop 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise desktop 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise desktop 15 SP7
1.16.0-150600.3.6.1
fixed
suse enterprise sap 15 SP1
1.2.3-2.12
fixed
suse enterprise sap 15 SP2
1.6.3-2.7
fixed
suse enterprise sap 15 SP3
1.10.2-4.6.1
fixed
suse enterprise sap 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise sap 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise sap 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise sap 15 SP7
1.16.0-150600.3.6.1
fixed
suse enterprise server 15 SP1
1.2.3-2.12
fixed
suse enterprise server 15 SP2
1.6.3-2.7
fixed
suse enterprise server 15 SP3
1.10.2-4.6.1
fixed
suse enterprise server 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise server 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise server 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise server 15 SP7
1.16.0-150600.3.6.1
fixed
system-user-flatpak
suse enterprise desktop 15 SP2
1.6.3-2.7
fixed
suse enterprise desktop 15 SP3
1.10.2-4.6.1
fixed
suse enterprise desktop 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise desktop 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise desktop 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise desktop 15 SP7
1.16.0-150600.3.6.1
fixed
suse enterprise sap 15 SP2
1.6.3-2.7
fixed
suse enterprise sap 15 SP3
1.10.2-4.6.1
fixed
suse enterprise sap 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise sap 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise sap 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise sap 15 SP7
1.16.0-150600.3.6.1
fixed
suse enterprise server 15 SP2
1.6.3-2.7
fixed
suse enterprise server 15 SP3
1.10.2-4.6.1
fixed
suse enterprise server 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise server 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise server 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise server 15 SP7
1.16.0-150600.3.6.1
fixed
typelib-1_0-Flatpak-1_0
suse enterprise desktop 15 SP1
1.2.3-2.12
fixed
suse enterprise desktop 15 SP2
1.6.3-2.7
fixed
suse enterprise desktop 15 SP3
1.10.2-4.6.1
fixed
suse enterprise desktop 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise desktop 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise desktop 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise desktop 15 SP7
1.16.0-150600.3.6.1
fixed
suse enterprise sap 15 SP1
1.2.3-2.12
fixed
suse enterprise sap 15 SP2
1.6.3-2.7
fixed
suse enterprise sap 15 SP3
1.10.2-4.6.1
fixed
suse enterprise sap 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise sap 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise sap 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise sap 15 SP7
1.16.0-150600.3.6.1
fixed
suse enterprise server 15 SP1
1.2.3-2.12
fixed
suse enterprise server 15 SP2
1.6.3-2.7
fixed
suse enterprise server 15 SP3
1.10.2-4.6.1
fixed
suse enterprise server 15 SP4
1.12.5-150400.1.11
fixed
suse enterprise server 15 SP5
1.14.4-150500.1.3
fixed
suse enterprise server 15 SP6
1.14.6-150600.1.2
fixed
suse enterprise server 15 SP7
1.16.0-150600.3.6.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
flatpak
RHEL 7
0:1.0.2-5.el7_6
fixed
RHEL 8
0:1.0.6-3.el8_0
fixed
RHEL 8.0 E4S
0:1.0.6-3.el8_0
fixed
flatpak-builder
RHEL 7
0:1.0.0-5.el7_6
fixed
flatpak-devel
RHEL 7
0:1.0.2-5.el7_6
fixed
flatpak-libs
RHEL 7
0:1.0.2-5.el7_6
fixed
RHEL 8
0:1.0.6-3.el8_0
fixed
RHEL 8.0 E4S
0:1.0.6-3.el8_0
fixed
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2019:1024
https://access.redhat.com/errata/RHSA-2019:1143
https://github.com/flatpak/flatpak/issues/2782
https://access.redhat.com/errata/RHSA-2019:1024
https://access.redhat.com/errata/RHSA-2019:1143
https://github.com/flatpak/flatpak/issues/2782