libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libseccomp | Libseccomp_project | * | 2.4.0 (excluding) |
| Red Hat Enterprise Linux 8 | RedHat | libseccomp-0:2.4.1-1.el8 | * |
| Red Hat Enterprise Linux 8 | RedHat | libseccomp-0:2.4.1-1.el8 | * |
| Libseccomp | Ubuntu | bionic | * |
| Libseccomp | Ubuntu | cosmic | * |
| Libseccomp | Ubuntu | devel | * |
| Libseccomp | Ubuntu | disco | * |
| Libseccomp | Ubuntu | esm-infra-legacy/trusty | * |
| Libseccomp | Ubuntu | esm-infra/bionic | * |
| Libseccomp | Ubuntu | esm-infra/xenial | * |
| Libseccomp | Ubuntu | trusty | * |
| Libseccomp | Ubuntu | trusty/esm | * |
| Libseccomp | Ubuntu | upstream | * |
| Libseccomp | Ubuntu | xenial | * |
References
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00027.html
- https://access.redhat.com/errata/RHSA-2019:3624
- https://github.com/seccomp/libseccomp/issues/139
- https://seclists.org/oss-sec/2019/q1/179
- https://security.gentoo.org/glsa/201904-18
- https://usn.ubuntu.com/4001-1/
- https://usn.ubuntu.com/4001-2/
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00027.html
- https://access.redhat.com/errata/RHSA-2019:3624
- https://github.com/seccomp/libseccomp/issues/139
- https://seclists.org/oss-sec/2019/q1/179
- https://security.gentoo.org/glsa/201904-18
- https://usn.ubuntu.com/4001-1/
- https://usn.ubuntu.com/4001-2/