Vulnerability Details : CVE-2023-1523
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console.
Products affected by CVE-2023-1523
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:22.10:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:snapd:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-1523
0.15%
Probability of exploitation activity in the next 30 days
~ 51 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-1523
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 3.9 | 6.0 | NIST | |
10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 3.9 | 6.0 | Canonical Ltd. | |
CWE ids for CVE-2023-1523
- The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-1523
- https://marc.info/?l=oss-security&m=167879021709955&w=2
  'Re: [oss-security] TTY pushback vulnerabilities / TIOCSTI' - MARC (Exploit; Mailing List)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523
  CVE - CVE-2023-1523 (Third Party Advisory)
- https://github.com/snapcore/snapd/pull/12849
  many: introduce seccomp denylist to block ioctl with TIOCLINUX to fix CVE-2023-1523 by alexmurray · Pull Request #12849 · snapcore/snapd · GitHub (Issue Tracking; Patch)
- https://ubuntu.com/security/notices/USN-6125-1
  USN-6125-1: snapd vulnerability | Ubuntu security notices | Ubuntu (Third Party Advisory)