CVE-2019-11460

Published: 22 April 2019

An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.

Priority

Cvss 3 Severity Score

9.0

Score breakdown

Status

Package	Release	Status
gnome-desktop3 Launchpad, Ubuntu, Debian	bionic	Released (3.28.2-0ubuntu1.3)
	cosmic	Released (3.30.1-1ubuntu1.1)
	disco	Released (3.32.1-1ubuntu1.1)
	trusty	Does not exist (trusty was needs-triage)
	upstream	Needs triage
	xenial	Not vulnerable (code not present)
	Patches: upstream: https://gitlab.gnome.org/GNOME/gnome-desktop/commit/02198486eb2d27928db86a685383ab4a0ff9b742 upstream: https://gitlab.gnome.org/GNOME/gnome-desktop/commit/83949ed5800ec99953f5ee8d2bf8b90a69daa850 upstream: https://gitlab.gnome.org/GNOME/gnome-desktop/commit/a5475e97c30682c0867bd99b78e7fe600129871a

Severity score breakdown

Parameter	Value
Base score	9.0
Attack vector	Network
Attack complexity	High
Privileges required	None
User interaction	None
Scope	Changed
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›