ID CVE-2019-9893
Summary libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might lead to bypassing seccomp filters and potential privilege escalations.
References
Vulnerable Configurations
  • cpe:2.3:a:libseccomp_project:libseccomp:0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libseccomp_project:libseccomp:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libseccomp_project:libseccomp:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libseccomp_project:libseccomp:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libseccomp_project:libseccomp:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libseccomp_project:libseccomp:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libseccomp_project:libseccomp:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libseccomp_project:libseccomp:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libseccomp_project:libseccomp:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libseccomp_project:libseccomp:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libseccomp_project:libseccomp:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libseccomp_project:libseccomp:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libseccomp_project:libseccomp:2.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libseccomp_project:libseccomp:2.3.3:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
bugzilla
id 1690897
title CVE-2019-9893 libseccomp: incorrect generation of syscall filters in libseccomp
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 8 is installed
      oval oval:com.redhat.rhba:tst:20193384074
    • OR
      • AND
        • comment libseccomp is earlier than 0:2.4.1-1.el8
          oval oval:com.redhat.rhsa:tst:20193624001
        • comment libseccomp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193624002
      • AND
        • comment libseccomp-debugsource is earlier than 0:2.4.1-1.el8
          oval oval:com.redhat.rhsa:tst:20193624003
        • comment libseccomp-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193624004
      • AND
        • comment libseccomp-devel is earlier than 0:2.4.1-1.el8
          oval oval:com.redhat.rhsa:tst:20193624005
        • comment libseccomp-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193624006
rhsa
id RHSA-2019:3624
released 2019-11-05
severity Moderate
title RHSA-2019:3624: libseccomp security, bug fix, and enhancement update (Moderate)
rpms
  • libseccomp-0:2.4.1-1.el8
  • libseccomp-debuginfo-0:2.4.1-1.el8
  • libseccomp-debugsource-0:2.4.1-1.el8
  • libseccomp-devel-0:2.4.1-1.el8
  • libseccomp-devel-debuginfo-0:2.4.1-1.el8
refmap via4
gentoo GLSA-201904-18
misc
suse
  • openSUSE-SU-2019:2280
  • openSUSE-SU-2019:2283
ubuntu
  • USN-4001-1
  • USN-4001-2
Last major update 24-08-2020 - 17:37
Published 21-03-2019 - 16:01
Last modified 24-08-2020 - 17:37