#VU18322 Incorrect calculation in libseccomp - CVE-2019-9893

Cybersecurity Help s.r.o.

Published: 2019-04-19

Vulnerability identifier: #VU18322

Vulnerability risk: Low

CVSSv4.0: 0 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-9893

CWE-ID: CWE-682

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libseccomp
Universal components / Libraries / Libraries used by multiple products

Vendor: The libseccomp Project

Description

The vulnerability allows a local user to bypass certain security restrictions.

The vulnerability exists due to incorrect 64-bit syscall argument comparison when using arithmetic operators, such as LT, GT, LE, or GE. A local user can bypass seccomp filters and gain elevated privileges on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

libseccomp: 0.1.0 - 2.3.3

External links
https://github.com/seccomp/libseccomp/issues/139
https://seclists.org/oss-sec/2019/q1/179
https://security.gentoo.org/glsa/201904-18

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Rockwell Automation DataMosaix Private Cloud

Multiple vulnerabilities in Dell EMC Cyber Recovery

Red Hat update for libseccomp

OpenSUSE Linux update for libseccomp

Ubuntu update for libseccomp

Gentoo update for libseccomp

Incorrect calculation in libseccomp (Alpine package)