CVE-2019-9893 in Ubuntu

CVE-2019-9893

Priority

Description

libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument
comparisons using the arithmetic operators (LT, GT, LE, GE), which might
able to lead to bypassing seccomp filters and potential privilege
escalations.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893
https://www.openwall.com/lists/oss-security/2019/03/15/1
http://www.paul-moore.com/blog/d/2019/03/libseccomp_v240.html
https://usn.ubuntu.com/usn/usn-4001-1
https://usn.ubuntu.com/usn/usn-4001-2

Notes

Package

Source: libseccomp (LP Ubuntu Debian)

Upstream:	released (2.4.0)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	released (2.4.1-0ubuntu0.14.04.2)
Ubuntu 16.04 LTS (Xenial Xerus):	released (2.4.1-0ubuntu0.16.04.2)
Ubuntu 18.04 LTS (Bionic Beaver):	released (2.4.1-0ubuntu0.18.04.2)

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2020-09-10 06:34:44 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)