Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console.
History

Tue, 01 Oct 2024 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: canonical

Published: 2023-09-01T18:41:47.820Z

Updated: 2024-10-01T13:08:45.851Z

Reserved: 2023-03-20T17:41:17.600Z

Link: CVE-2023-1523

cve-icon Vulnrichment

Updated: 2024-08-02T05:49:11.645Z

cve-icon NVD

Status : Modified

Published: 2023-09-01T19:15:42.707

Modified: 2024-11-21T07:39:21.537

Link: CVE-2023-1523

cve-icon Redhat

No data.