Security restrictions bypass in WebKitGTK+ and WPE WebKit

#VU57811 Security restrictions bypass in WebKitGTK+ and WPE WebKit

Published: 2021-11-01

Vulnerability identifier: #VU57811

Vulnerability risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-42762

CWE-ID: CWE-264

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
WebKitGTK+
Server applications / Frameworks for developing and running applications
WPE WebKit
Server applications / Frameworks for developing and running applications

Vendor: WebKitGTK

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists in BubblewrapLauncher.cpp due to application allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox. A local user can abuse the VFS syscalls that manipulate its filesystem namespace and bypass implemented security restrictions. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: 2.33.1 - 2.34.0

WPE WebKit: 2.33.1 - 2.34.0

External links
http://bugs.webkit.org/show_bug.cgi?id=231479
http://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
http://www.openwall.com/lists/oss-security/2021/10/26/9
http://www.openwall.com/lists/oss-security/2021/10/27/1
http://www.openwall.com/lists/oss-security/2021/10/27/2
http://www.openwall.com/lists/oss-security/2021/10/27/4
http://www.debian.org/security/2021/dsa-4996
http://www.debian.org/security/2021/dsa-4995
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M5J2LZQTDX53DNSKSGU7TQYCO2HKSTY4/