UBUNTU-CVE-2021-41133

Source
https://ubuntu.com/security/CVE-2021-41133
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-41133.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-41133
Related
Published
2021-10-08T14:15:00Z
Modified
2021-10-08T14:15:00Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AFUNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process. They can do this by manipulating the VFS using recent mount-related syscalls that are not blocked by Flatpak's denylist seccomp filter, in order to substitute a crafted /.flatpak-info or make that file disappear entirely. Flatpak apps that act as clients for AFUNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can escalate the privileges that the corresponding services will believe the Flatpak app has. Note that protocols that operate entirely over the D-Bus session bus (user bus), system bus or accessibility bus are not affected by this. This is due to the use of a proxy process xdg-dbus-proxy, whose VFS cannot be manipulated by the Flatpak app, when interacting with these buses. Patches exist for versions 1.10.4 and 1.12.0, and as of time of publication, a patch for version 1.8.2 is being planned. There are no workarounds aside from upgrading to a patched version.

References

Affected packages

Ubuntu:18.04:LTS / flatpak

Package

Name
flatpak
Purl
pkg:deb/ubuntu/flatpak?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.9-0ubuntu0.4

Affected versions

0.*

0.8.7-5
0.10.0-1
0.10.0-2
0.10.1-1
0.10.2-1
0.10.2.1-1
0.10.2.1-2
0.10.3-1
0.11.1-0ubuntu1
0.11.3-2
0.11.3-3
0.11.7-0ubuntu0.1

1.*

1.0.1-0ubuntu0.1
1.0.6-0ubuntu0.1
1.0.7-0ubuntu0.18.04.1
1.0.8-0ubuntu0.18.04.1
1.0.9-0ubuntu0.1
1.0.9-0ubuntu0.2
1.0.9-0ubuntu0.3

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.0.9-0ubuntu0.4",
            "binary_name": "flatpak"
        },
        {
            "binary_version": "1.0.9-0ubuntu0.4",
            "binary_name": "flatpak-dbgsym"
        },
        {
            "binary_version": "1.0.9-0ubuntu0.4",
            "binary_name": "flatpak-tests"
        },
        {
            "binary_version": "1.0.9-0ubuntu0.4",
            "binary_name": "flatpak-tests-dbgsym"
        },
        {
            "binary_version": "1.0.9-0ubuntu0.4",
            "binary_name": "gir1.2-flatpak-1.0"
        },
        {
            "binary_version": "1.0.9-0ubuntu0.4",
            "binary_name": "libflatpak-dev"
        },
        {
            "binary_version": "1.0.9-0ubuntu0.4",
            "binary_name": "libflatpak-doc"
        },
        {
            "binary_version": "1.0.9-0ubuntu0.4",
            "binary_name": "libflatpak0"
        },
        {
            "binary_version": "1.0.9-0ubuntu0.4",
            "binary_name": "libflatpak0-dbgsym"
        }
    ]
}

Ubuntu:20.04:LTS / flatpak

Package

Name
flatpak
Purl
pkg:deb/ubuntu/flatpak?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.6.5-0ubuntu0.4

Affected versions

1.*

1.4.3-1
1.6.0-1
1.6.1-1
1.6.2-1
1.6.3-1
1.6.5-0ubuntu0.1
1.6.5-0ubuntu0.2
1.6.5-0ubuntu0.3

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.6.5-0ubuntu0.4",
            "binary_name": "flatpak"
        },
        {
            "binary_version": "1.6.5-0ubuntu0.4",
            "binary_name": "flatpak-dbgsym"
        },
        {
            "binary_version": "1.6.5-0ubuntu0.4",
            "binary_name": "flatpak-tests"
        },
        {
            "binary_version": "1.6.5-0ubuntu0.4",
            "binary_name": "flatpak-tests-dbgsym"
        },
        {
            "binary_version": "1.6.5-0ubuntu0.4",
            "binary_name": "gir1.2-flatpak-1.0"
        },
        {
            "binary_version": "1.6.5-0ubuntu0.4",
            "binary_name": "libflatpak-dev"
        },
        {
            "binary_version": "1.6.5-0ubuntu0.4",
            "binary_name": "libflatpak-doc"
        },
        {
            "binary_version": "1.6.5-0ubuntu0.4",
            "binary_name": "libflatpak0"
        },
        {
            "binary_version": "1.6.5-0ubuntu0.4",
            "binary_name": "libflatpak0-dbgsym"
        }
    ]
}

Ubuntu:22.04:LTS / flatpak

Package

Name
flatpak
Purl
pkg:deb/ubuntu/flatpak?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.12.2-1

Affected versions

1.*

1.10.2-3

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.12.2-1",
            "binary_name": "flatpak"
        },
        {
            "binary_version": "1.12.2-1",
            "binary_name": "flatpak-dbgsym"
        },
        {
            "binary_version": "1.12.2-1",
            "binary_name": "flatpak-tests"
        },
        {
            "binary_version": "1.12.2-1",
            "binary_name": "flatpak-tests-dbgsym"
        },
        {
            "binary_version": "1.12.2-1",
            "binary_name": "gir1.2-flatpak-1.0"
        },
        {
            "binary_version": "1.12.2-1",
            "binary_name": "libflatpak-dev"
        },
        {
            "binary_version": "1.12.2-1",
            "binary_name": "libflatpak-doc"
        },
        {
            "binary_version": "1.12.2-1",
            "binary_name": "libflatpak0"
        },
        {
            "binary_version": "1.12.2-1",
            "binary_name": "libflatpak0-dbgsym"
        }
    ]
}