CVE-2019-7303

Name of the Vulnerable Software and Affected Versions Canonical snapd versions prior to 2.37.4

Description The issue is related to a problem with seccomp filters in snapd, which can allow a strict mode snap to insert characters into a terminal on a 64-bit host. This is due to the seccomp rules being generated for 64-bit ioctl(2) commands, but the Linux kernel only using the lower 32 bits to determine which ioctl(2) commands to run. The vulnerability is also described as being related to insecure privilege management, which can be exploited to bypass existing access restrictions.

Recommendations For versions prior to 2.37.4, update to version 2.37.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the seccomp filters or the ioctl(2) commands to minimize the risk of exploitation.