libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations.
CPE | Name | Operator | Version |
---|---|---|---|
libseccomp | eq | 2.3.1-r0 | |
libseccomp | eq | 2.2.1-r0 | |
libseccomp | eq | 2.3.3-r1 | |
libseccomp | eq | 2.3.0-r0 | |
libseccomp | eq | 2.3.2-r0 | |
libseccomp | eq | 2.2.0 | |
libseccomp | eq | 2.1.1 | |
libseccomp | eq | 2.1.0 | |
libseccomp | eq | 2.3.2-r1 |
lists.opensuse.org/opensuse-security-announce/2019-10/msg00022.html
lists.opensuse.org/opensuse-security-announce/2019-10/msg00027.html
access.redhat.com/errata/RHSA-2019:3624
github.com/seccomp/libseccomp/issues/139
seclists.org/oss-sec/2019/q1/179
security.gentoo.org/glsa/201904-18
usn.ubuntu.com/4001-1/
usn.ubuntu.com/4001-2/