Vulnerability Details CVE-2019-9893
libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 75.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00027.html
- https://access.redhat.com/errata/RHSA-2019:3624
- https://github.com/seccomp/libseccomp/issues/139
- https://seclists.org/oss-sec/2019/q1/179
- https://security.gentoo.org/glsa/201904-18
- https://usn.ubuntu.com/4001-1/
- https://usn.ubuntu.com/4001-2/
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00027.html
- https://access.redhat.com/errata/RHSA-2019:3624
- https://github.com/seccomp/libseccomp/issues/139
- https://seclists.org/oss-sec/2019/q1/179
- https://security.gentoo.org/glsa/201904-18
- https://usn.ubuntu.com/4001-1/
- https://usn.ubuntu.com/4001-2/
Products affected by CVE-2019-9893
-
cpe:2.3:a:libseccomp_project:libseccomp:0.1.0
-
cpe:2.3:a:libseccomp_project:libseccomp:1.0.0
-
cpe:2.3:a:libseccomp_project:libseccomp:1.0.1
-
cpe:2.3:a:libseccomp_project:libseccomp:2.0.0
-
cpe:2.3:a:libseccomp_project:libseccomp:2.1.0
-
cpe:2.3:a:libseccomp_project:libseccomp:2.1.1
-
cpe:2.3:a:libseccomp_project:libseccomp:2.2.0
-
cpe:2.3:a:libseccomp_project:libseccomp:2.2.1
-
cpe:2.3:a:libseccomp_project:libseccomp:2.2.2
-
cpe:2.3:a:libseccomp_project:libseccomp:2.2.3
-
cpe:2.3:a:libseccomp_project:libseccomp:2.3.0
-
cpe:2.3:a:libseccomp_project:libseccomp:2.3.1
-
cpe:2.3:a:libseccomp_project:libseccomp:2.3.2
-
cpe:2.3:a:libseccomp_project:libseccomp:2.3.3