CVE-2020-13753 - log

CVE-2020-13753 edited at 14 Jul 2020 15:34:03
Severity
- Unknown
+ High
Remote
- Unknown
+ Local
Type
- Unknown
+ Sandbox escape
Description
+ The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal’s input buffer, similar to CVE-2017-5226.
References
+ https://webkitgtk.org/security/WSA-2020-0006.html#CVE-2020-13753
Notes
CVE-2020-13753 created at 10 Jul 2020 12:31:24