CVE - CVE-2023-1523

CVE-ID
CVE-2023-1523	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523 URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523 MISC:https://github.com/snapcore/snapd/pull/12849 URL:https://github.com/snapcore/snapd/pull/12849 MISC:https://marc.info/?l=oss-security&m=167879021709955&w=2 URL:https://marc.info/?l=oss-security&m=167879021709955&w=2 MISC:https://ubuntu.com/security/notices/USN-6125-1 URL:https://ubuntu.com/security/notices/USN-6125-1
Assigning CNA
Canonical Ltd.
Date Record Created
20230320	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20230320)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)