CVE-2017-5226

10.0 CRITICAL

Published: March 29, 2017 Modified: May 13, 2026

Description

When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://www.openwall.com/lists/oss-security/2020/07/10/1

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2023/03/17/1

Source: cve@mitre.org

http://www.securityfocus.com/bid/97260

Source: cve@mitre.org

Third Party Advisory VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1411811

Source: cve@mitre.org

Issue Tracking Patch

https://github.com/projectatomic/bubblewrap/commit/d7fc532c42f0e9bf427923bab85433282b3e5117

Source: cve@mitre.org

Patch

https://github.com/projectatomic/bubblewrap/issues/142

Source: cve@mitre.org

Exploit Patch Vendor Advisory

https://www.openwall.com/lists/oss-security/2023/03/14/2

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2020/07/10/1