Incorrect calculation in libseccomp

#VU18322 Incorrect calculation in libseccomp

Published: 2019-04-19

Vulnerability identifier: #VU18322

Vulnerability risk: Low

CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-9893

CWE-ID: CWE-682

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libseccomp
Universal components / Libraries / Libraries used by multiple products

Vendor: The libseccomp Project

Description

The vulnerability allows a local user to bypass certain security restrictions.

The vulnerability exists due to incorrect 64-bit syscall argument comparison when using arithmetic operators, such as LT, GT, LE, or GE. A local user can bypass seccomp filters and gain elevated privileges on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

libseccomp: 0.1.0 - 2.3.3

External links
http://github.com/seccomp/libseccomp/issues/139
http://seclists.org/oss-sec/2019/q1/179
http://security.gentoo.org/glsa/201904-18

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Dell EMC Cyber Recovery

Red Hat update for libseccomp

OpenSUSE Linux update for libseccomp

Ubuntu update for libseccomp

Gentoo update for libseccomp

Incorrect calculation in libseccomp (Alpine package)