CVE-2021-26910

Name of the Vulnerable Software and Affected Versions Firejail versions prior to 0.9.64.4

Description The issue is related to insufficient checking of the state of a shared resource in the OverlayFS SUID sandbox component of Firejail. This can allow an attacker to access confidential data, compromise its integrity, and cause a denial of service. The vulnerability is due to a TOCTOU race condition between a stat operation and an OverlayFS mount operation. Firejail uses mechanisms such as namespaces, AppArmor, and seccomp-bpf filtering in Linux for isolation, but it requires elevated privileges for setup, which it obtains through binding to the suid root utility or running via sudo.

Recommendations For Firejail versions prior to 0.9.64.4, update to version 0.9.64.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the OverlayFS mount operation to minimize the risk of exploitation. Additionally, restrict access to the suid root utility or running Firejail via sudo to reduce the attack surface.