Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console.
Metrics
Affected Vendors & Products
References
History
Tue, 01 Oct 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: canonical
Published: 2023-09-01T18:41:47.820Z
Updated: 2024-10-01T13:08:45.851Z
Reserved: 2023-03-20T17:41:17.600Z
Link: CVE-2023-1523
Vulnrichment
Updated: 2024-08-02T05:49:11.645Z
NVD
Status : Modified
Published: 2023-09-01T19:15:42.707
Modified: 2024-11-21T07:39:21.537
Link: CVE-2023-1523
Redhat
No data.