Input validation error in gnome-desktop - CVE-2019-11460

 


Published: September 2, 2019


Vulnerability identifier: #VU20504
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2019-11460
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Gnome Development Team
Affected software:
gnome-desktop

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper filtering of the TIOCSTI ioctl on 64-bit systems. A remote attacker can compromise the thumbnailer and escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal.
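The filtering gap described above, modelled as an added example (not code from gnome-desktop or from this advisory): on 64-bit systems a seccomp rule sees the ioctl request as a full 64-bit argument, while the kernel uses only its low 32 bits, so a sound deny rule needs masked equality rather than exact equality. The function names and sample arguments are constructed for illustration; 0x5412 is the generic Linux value of TIOCSTI.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Generic Linux request number for TIOCSTI (assumed here; see <asm-generic/ioctls.h>). */
#define TIOCSTI_CMD 0x5412u

/* Weak rule: deny only when the whole 64-bit argument equals TIOCSTI. */
bool denied_exact(uint64_t arg1) { return arg1 == (uint64_t)TIOCSTI_CMD; }

/* Hardened rule: masked equality, comparing only the low 32 bits. */
bool denied_masked(uint64_t arg1) { return (arg1 & 0xFFFFFFFFull) == TIOCSTI_CMD; }

/* The kernel's ioctl entry point takes the request as an unsigned int. */
uint32_t kernel_request(uint64_t arg1) { return (uint32_t)arg1; }

/* Constructed sample arguments as a seccomp filter would see them. */
static const uint64_t SAMPLES[] = {
    0x0000000000005412ull, /* plain TIOCSTI */
    0x0000000100005412ull, /* same request, upper bits set */
    0xFFFFFFFF00005412ull, /* same request, upper bits set */
    0x0000000000005401ull, /* TCGETS, a different request that must stay allowed */
};
static const size_t N_SAMPLES = sizeof SAMPLES / sizeof SAMPLES[0];

/* Count samples the kernel would treat as TIOCSTI that the rule fails to deny. */
size_t count_gaps(bool (*rule)(uint64_t)) {
    size_t gaps = 0;
    for (size_t i = 0; i < N_SAMPLES; i++) {
        if (kernel_request(SAMPLES[i]) == TIOCSTI_CMD && !rule(SAMPLES[i]))
            gaps++;
    }
    return gaps;
}

int main(void) {
    printf("exact-equality rule:  %zu unfiltered TIOCSTI requests\n",
           count_gaps(denied_exact));
    printf("masked-equality rule: %zu unfiltered TIOCSTI requests\n",
           count_gaps(denied_masked));
    return 0;
}
```

In libseccomp terms the hardened rule corresponds to a `SCMP_CMP_MASKED_EQ` comparison with mask `0xFFFFFFFF` on the second ioctl argument, in place of `SCMP_CMP_EQ`.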




How to mitigate CVE-2019-11460

Install updates from the vendor's website.

Sources