CVE-2019-7303

Note

this is a kernel limitation that is documented in the seccomp man
page, but arguably the kernel should perform the seccomp filter check on the
value that it is ultimately going to process (which likely means an
improvement to libseccomp to generate the appropriate BPF to do this)
this was further complicated by the fact that the kernel and glibc
disagree on the function prototype of ioctl, where the glibc man page
documents it as unsigned long and the kernel treats it as int (note, the
tty_ioctl man page (which is the one that documents TIOCSTI) lists the ioctl
second argument as an int)
due to miscoordination, 2.37.4 is going to -updates first as part of
the regular SRU cycle. Once that passes, we'll rebuild and publish to the
security pocket and issue a USN.
once this issue is public, the global profile initialization code
that is used to address this issue will also be made public

Package	Release	Status
snapd Launchpad, Ubuntu, Debian	upstream	Released (2.37.4)
	xenial	Released (2.37.4)
	bionic	Released (2.37.4+18.04)
	cosmic	Released (2.37.4+18.10)
	trusty	Released (2.37.4~14.04)
	Patches: upstream: https://github.com/snapcore/snapd/pull/6516 (part 1) upstream: https://github.com/snapcore/snapd/pull/6533 (part 2)

Parameter	Value
Base score	7.5
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	High
Availability impact	None
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Security

CVE-2019-7303

Notes

Priority

Cvss 3 Severity Score

Status

Severity score breakdown

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading