CVE - CVE-2021-41133

CVE-ID
CVE-2021-41133	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process. They can do this by manipulating the VFS using recent mount-related syscalls that are not blocked by Flatpak's denylist seccomp filter, in order to substitute a crafted `/.flatpak-info` or make that file disappear entirely. Flatpak apps that act as clients for AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can escalate the privileges that the corresponding services will believe the Flatpak app has. Note that protocols that operate entirely over the D-Bus session bus (user bus), system bus or accessibility bus are not affected by this. This is due to the use of a proxy process `xdg-dbus-proxy`, whose VFS cannot be manipulated by the Flatpak app, when interacting with these buses. Patches exist for versions 1.10.4 and 1.12.0, and as of time of publication, a patch for version 1.8.2 is being planned. There are no workarounds aside from upgrading to a patched version.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q URL:https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q DEBIAN:DSA-4984 URL:https://www.debian.org/security/2021/dsa-4984 FEDORA:FEDORA-2021-4b201d15e6 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R5656ONDP2MGKIJMKEC7N2NXCV27WGTC/ FEDORA:FEDORA-2021-c5a9c85737 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5DKCYRC6MFSTFCUP4DELCOUUP3SFEFX/ GENTOO:GLSA-202312-12 URL:https://security.gentoo.org/glsa/202312-12 MISC:https://github.com/flatpak/flatpak/commit/1330662f33a55e88bfe18e76de28b7922d91a999 URL:https://github.com/flatpak/flatpak/commit/1330662f33a55e88bfe18e76de28b7922d91a999 MISC:https://github.com/flatpak/flatpak/commit/26b12484eb8a6219b9e7aa287b298a894b2f34ca URL:https://github.com/flatpak/flatpak/commit/26b12484eb8a6219b9e7aa287b298a894b2f34ca MISC:https://github.com/flatpak/flatpak/commit/462fca2c666e0cd2b60d6d2593a7216a83047aaf URL:https://github.com/flatpak/flatpak/commit/462fca2c666e0cd2b60d6d2593a7216a83047aaf MISC:https://github.com/flatpak/flatpak/commit/4c34815784e9ffda5733225c7d95824f96375e36 URL:https://github.com/flatpak/flatpak/commit/4c34815784e9ffda5733225c7d95824f96375e36 MISC:https://github.com/flatpak/flatpak/commit/89ae9fe74c6d445bb1b3a40e568d77cf5de47e48 URL:https://github.com/flatpak/flatpak/commit/89ae9fe74c6d445bb1b3a40e568d77cf5de47e48 MISC:https://github.com/flatpak/flatpak/commit/9766ee05b1425db397d2cf23afd24c7f6146a69f URL:https://github.com/flatpak/flatpak/commit/9766ee05b1425db397d2cf23afd24c7f6146a69f MISC:https://github.com/flatpak/flatpak/commit/a10f52a7565c549612c92b8e736a6698a53db330 URL:https://github.com/flatpak/flatpak/commit/a10f52a7565c549612c92b8e736a6698a53db330 MISC:https://github.com/flatpak/flatpak/commit/e26ac7586c392b5eb35ff4609fe232c52523b2cf URL:https://github.com/flatpak/flatpak/commit/e26ac7586c392b5eb35ff4609fe232c52523b2cf MLIST:[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 URL:http://www.openwall.com/lists/oss-security/2021/10/26/9
Assigning CNA
GitHub (maintainer security advisories)
Date Record Created
20210915	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20210915)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)