Vulnerability Details : CVE-2023-28100
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of `TIOCSTI`. If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2` and so on. A patch is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, don't run Flatpak on a Linux virtual console. Flatpak is primarily designed to be used in a Wayland or X11 graphical environment.
Vulnerability category: Input validation
Products affected by CVE-2023-28100
- cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*
- cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*
- cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*
- cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-28100
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-28100
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H |
2.0
|
4.0
|
NIST | |
10.0
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
3.9
|
6.0
|
GitHub, Inc. |
CWE ids for CVE-2023-28100
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: security-advisories@github.com (Secondary)
References for CVE-2023-28100
-
https://marc.info/?l=oss-security&m=167879021709955&w=2
'Re: [oss-security] TTY pushback vulnerabilities / TIOCSTI' - MARCMailing List
-
https://github.com/flatpak/flatpak/security/advisories/GHSA-7qpw-3vjv-xrqp
CVE-2023-28100: TIOCLINUX can send commands outside sandbox if running on a virtual console · Advisory · flatpak/flatpak · GitHubPatch;Vendor Advisory
-
https://security.gentoo.org/glsa/202312-12
Flatpak: Multiple Vulnerabilities (GLSA 202312-12) — Gentoo security
-
https://github.com/flatpak/flatpak/commit/8e63de9a7d3124f91140fc74f8ca9ed73ed53be9
run: Prevent TIOCLINUX ioctl, the same as TIOCSTI · flatpak/flatpak@8e63de9 · GitHubPatch
Jump to