#VU57811 Security restrictions bypass in WebKitGTK+ and WPE WebKit - CVE-2021-42762
Published: November 1, 2021
Vulnerability identifier: #VU57811
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-42762
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
WebKitGTK+
WPE WebKit
WebKitGTK+
WPE WebKit
Software vendor:
WebKitGTK
WebKitGTK
Description
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists in BubblewrapLauncher.cpp due to application allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox. A local user can abuse the VFS syscalls that manipulate its filesystem namespace and bypass implemented security restrictions. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined.
Remediation
Install updates from vendor's website.
External links
- https://bugs.webkit.org/show_bug.cgi?id=231479
- https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
- http://www.openwall.com/lists/oss-security/2021/10/26/9
- http://www.openwall.com/lists/oss-security/2021/10/27/1
- http://www.openwall.com/lists/oss-security/2021/10/27/2
- http://www.openwall.com/lists/oss-security/2021/10/27/4
- https://www.debian.org/security/2021/dsa-4996
- https://www.debian.org/security/2021/dsa-4995
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M5J2LZQTDX53DNSKSGU7TQYCO2HKSTY4/