CVE-2016-2568

Published: 13 February 2017

pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

Priority

Low

CVSS 3 base score: 7.8

Status

Package Release Status
policykit-1
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 21.04 (Hirsute Hippo) Deferred

Ubuntu 20.04 LTS (Focal Fossa) Deferred

Ubuntu 18.04 LTS (Bionic Beaver) Deferred

Ubuntu 16.04 ESM (Xenial Xerus) Deferred

Ubuntu 14.04 ESM (Trusty Tahr) Deferred