CVE-2023-28100

MEDIUM EPSS 54.3%
Published Mar 16, 20233y ago · Modified Jun 17, 20262w ago
6.5 CVSS 3.1
Medium
Find Similar
Published Mar 16, 2023 3y ago
Last Modified Jun 17, 2026 2w ago

Description

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of `TIOCSTI`. If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2` and so on. A patch is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, don't run Flatpak on a Linux virtual console. Flatpak is primarily designed to be used in a Wayland or X11 graphical environment.

CVSS Details

Base Score
6.5
Exploitability
2.0
Impact
4.0
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Changed
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
54.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-20 Improper Input Validation Validation

Affected Products 4

VendorProductVersionRange
flatpakflatpak* <1.10.8
flatpakflatpak*≥1.12.0  –  <1.12.8
flatpakflatpak*≥1.14.0  –  <1.14.4
flatpakflatpak*≥1.15.0  –  <1.15.4

References 4

  • github.com https://github.com/flatpak/flatpak/commit/8e63de9a7d3124f91140fc74f8ca9ed73ed53be9
    Patch
  • github.com https://github.com/flatpak/flatpak/security/advisories/GHSA-7qpw-3vjv-xrqp
    PatchVendor Advisory
  • marc.info https://marc.info/?l=oss-security&m=167879021709955&w=2
    Mailing List
  • security.gentoo.org https://security.gentoo.org/glsa/202312-12

Remediation

  • github.com https://github.com/flatpak/flatpak/commit/8e63de9a7d3124f91140fc74f8ca9ed73ed53be9
    Patch
  • github.com https://github.com/flatpak/flatpak/security/advisories/GHSA-7qpw-3vjv-xrqp
    PatchVendor Advisory