Your submission was sent successfully! Close

CVE-2016-2568

Published: 13 February 2017

pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

Priority

Low

CVSS 3 base score: 7.8

Status

Package Release Status
policykit-1
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Deferred

cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Deferred

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Deferred

jammy Deferred

precise Ignored
(end of ESM support, was deferred [2021-05-26])
trusty Deferred

upstream Needed

wily Ignored
(reached end-of-life)
xenial Deferred

yakkety Ignored
(reached end-of-life)
zesty Ignored
(reached end-of-life)