libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations.

References:

• https://nvd.nist.gov/vuln/detail/CVE-2019-9893
• https://github.com/seccomp/libseccomp/issues/139

Affected branches:

• master (aa251917)
• 3.10-stable (aa251917)
• 3.9-stable (e657e009)
• 3.8-stable (d7288e99)
• 3.7-stable (WONTFIX, EOL)