CVE-2024-32462

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the --command argument of flatpak run expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass bwrap arguments to --command=, such as --bind. It's possible to pass an arbitrary commandline to the portal interface org.freedesktop.portal.Background.RequestBackground from within a Flatpak app. When this is converted into a --command and arguments, it achieves the same effect of passing arguments directly to bwrap, and thus can be used for a sandbox escape. The solution is to pass the -- argument to bwrap, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-88"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/32xxx/CVE-2024-32462.json"
}

References

Affected packages

Git / github.com/flatpak/flatpak

Affected ranges

Type

GIT

Repo

https://github.com/flatpak/flatpak

Events

Introduced

Fixed

627e42b5e2648feccd8c8fda0a129f7215998899

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.10.9"
        }
    ]
}

Type

GIT

Repo

https://github.com/flatpak/flatpak

Events

Introduced

0cfd72442dd7301b0699725e25eb0552da3b5e98

Fixed

e7264e28ad3ede9439960c82cbdb59772080a579

Database specific

{
    "versions": [
        {
            "introduced": "1.12.0"
        },
        {
            "fixed": "1.12.9"
        }
    ]
}

Type

GIT

Repo

https://github.com/flatpak/flatpak

Events

Introduced

488038eed44c7edf334d1e28085975d96ce2bdcc

Fixed

3344a7a72ff2e3e728e31c846fff42bda14429dd

Database specific

{
    "versions": [
        {
            "introduced": "1.14.0"
        },
        {
            "fixed": "1.14.6"
        }
    ]
}

Type

GIT

Repo

https://github.com/flatpak/flatpak

Events

Introduced

e084a4f14befc27d08094baba8cc8f714d7e417d

Fixed

925c80f913d69e7ca424428823e1431c4ffb0deb

Database specific

{
    "versions": [
        {
            "introduced": "1.15.0"
        },
        {
            "fixed": "1.15.8"
        }
    ]
}

Affected versions

0.*

0.1

0.10.0

0.10.1

0.10.2

0.11.1

0.11.2

0.11.3

0.11.4

0.11.5

0.11.6

0.11.7

0.11.8

0.11.8.1

0.11.8.2

0.11.8.3

0.2

0.2.1

0.3

0.3.1

0.3.2

0.3.3

0.3.4

0.3.5

0.3.6

0.4.0

0.4.1

0.4.10

0.4.11

0.4.12

0.4.13

0.4.2

0.4.2.1

0.4.3

0.4.4

0.4.5

0.4.6

0.4.7

0.4.8

0.4.9

0.5.0

0.5.1

0.5.2

0.6.0

0.6.1

0.6.10

0.6.11

0.6.12

0.6.13

0.6.14

0.6.2

0.6.3

0.6.4

0.6.5

0.6.6

0.6.7

0.6.8

0.6.9

0.8.0

0.8.1

0.9.1

0.9.10

0.9.11

0.9.12

0.9.2

0.9.3

0.9.4

0.9.5

0.9.6

0.9.7

0.9.8

0.9.9

0.9.98

0.9.98.1

0.9.98.2

0.9.99

0.99.1

0.99.2

0.99.3

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.1.0

1.1.1

1.1.2

1.1.3

1.10.0

1.10.1

1.10.2

1.10.3

1.10.4

1.10.5

1.10.6

1.10.7

1.10.8

1.12.0

1.12.1

1.12.2

1.12.3

1.12.4

1.12.5

1.12.6

1.12.7

1.12.8

1.14.0

1.14.1

1.14.2

1.14.3

1.14.4

1.14.5

1.15.0

1.15.1

1.15.2

1.15.3

1.15.4

1.15.6

1.15.7

1.2.0

1.2.1

1.3.0

1.3.1

1.3.2

1.3.3

1.3.4

1.4.0

1.5.0

1.5.1

1.5.2

1.6.0

1.6.1

1.6.2

1.7.1

1.7.2

1.7.3

1.8.0

1.9.1

1.9.2

1.9.3