libseccomp: An incorrect generation of syscall filters (CVE-2019-9893) (#10867) · Issues · alpine / aports

libseccomp: An incorrect generation of syscall filters (CVE-2019-9893)

libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations.

References:

https://nvd.nist.gov/vuln/detail/CVE-2019-9893
https://github.com/seccomp/libseccomp/issues/139

Affected branches:

Edited Jan 23, 2020 by Natanael Copa

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information