Vulnerability CVE-2019-9893: Information

Description

libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might lead to bypassing seccomp filters and potential privilege escalations.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Published: March 21, 2019
Modified: Aug. 24, 2020

Fixed packages

Package name  Branch    Fixed in version  Version from repository  Errata ID           Task #  State
libseccomp    sisyphus  2.4.0-alt1        2.5.5-alt1               ALT-PU-2019-1495-1  225532  Fixed
libseccomp    p10       2.4.0-alt1        2.5.4-alt2               ALT-PU-2019-1495-1  225532  Fixed
libseccomp    p9        2.4.0-alt1        2.4.2-alt2               ALT-PU-2019-1495-1  225532  Fixed
libseccomp    p8        2.4.0-alt1        2.4.0-alt1               ALT-PU-2019-1564-1  225578  Fixed
libseccomp    c10f1     2.4.0-alt1        2.5.4-alt2               ALT-PU-2019-1495-1  225532  Fixed
libseccomp    c9f2      2.4.0-alt1        2.5.3-alt1               ALT-PU-2019-1495-1  225532  Fixed
libseccomp    p11       2.4.0-alt1        2.5.5-alt1               ALT-PU-2019-1495-1  225532  Fixed

References to Advisories, Solutions, and Tools

    1. Configuration 1

      cpe:2.3:a:libseccomp_project:libseccomp:*:*:*:*:*:*:*:*
      End excluding
      2.4.0