Description
In the seccomp implementation prior to kernel version 4.8, there is a possible seccomp bypass due to seccomp policies that allow the use of ptrace. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-119769499
A flaw was found in the Linux kernel's seccomp implementation which contained a method to bypass seccomp syscall filtering policies that allowed ptrace. This could allow an attacker with code execution privileges within the sandbox to use ptrace to execute system calls that would be filtered by the policy.
Report
Red Hat considers this CVE to be of 'Moderate' severity due to the specific conditions required to bypass seccomp. The attacker must have code execution privileges within the seccomp-restricted sandbox, and the ptrace syscall must be allowed to run. From this perspective, this CVE is understood more as a sandbox hardening issue than an important security flaw that would impact the system's core integrity. The outcome of a possible exploitation is limited to processes that are already running within a restricted environment.
Additionally, this behavior is clearly defined in the seccomp manual page.
After reviewing this CVE, Red Hat Enterprise Linux 8 is marked as Not Affected. This decision is based on the fact that the Linux kernel version shipped already contains the necessary patches, which change the execution order between ptrace and seccomp calls so that seccomp validates any eventual system call changes made by the ptrace functionality.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Out of support scope | | |
| Red Hat Enterprise Linux 6 | kernel | Out of support scope | | |
| Red Hat Enterprise Linux 7 | kernel | Will not fix | | |
| Red Hat Enterprise Linux 7 | kernel-alt | Will not fix | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Will not fix | | |
| Red Hat Enterprise Linux 8 | kernel | Not affected | | |
| Red Hat Enterprise MRG 2 | kernel-rt | Out of support scope | | |
Additional information
Status:
8.4 High
CVSS3
Related vulnerabilities
A vulnerability in the seccomp component of the Linux operating system kernel that allows an attacker to escalate their privileges and execute arbitrary code
8.4 High
CVSS3