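Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with the arithmetic comparison operators (LT, GT, LE, GE). An attacker could use this to bypass intended access restrictions for argument-filtered system calls. As described, the flaw concerns filter rules that compare a syscall argument using one of these operators. Because libseccomp generates a filter when a program loads it, a process that loaded such a filter before the update keeps that filter until it is restarted, so installing the fixed packages listed below does not by itself correct filters that are already in place.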
{ "availability": "No subscription required", "binaries": [ { "binary_name": "libseccomp-dev", "binary_version": "2.4.1-0ubuntu0.16.04.2" }, { "binary_name": "libseccomp2", "binary_version": "2.4.1-0ubuntu0.16.04.2" }, { "binary_name": "libseccomp2-dbgsym", "binary_version": "2.4.1-0ubuntu0.16.04.2" }, { "binary_name": "seccomp", "binary_version": "2.4.1-0ubuntu0.16.04.2" }, { "binary_name": "seccomp-dbgsym", "binary_version": "2.4.1-0ubuntu0.16.04.2" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_name": "libseccomp-dev", "binary_version": "2.4.1-0ubuntu0.18.04.2" }, { "binary_name": "libseccomp2", "binary_version": "2.4.1-0ubuntu0.18.04.2" }, { "binary_name": "libseccomp2-dbgsym", "binary_version": "2.4.1-0ubuntu0.18.04.2" }, { "binary_name": "seccomp", "binary_version": "2.4.1-0ubuntu0.18.04.2" }, { "binary_name": "seccomp-dbgsym", "binary_version": "2.4.1-0ubuntu0.18.04.2" } ] }