CVE-2021-42762

CVSS v3.1

5.3

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions WebKitGTK versions prior to 2.34.1 WPE WebKit versions prior to 2.34.1

Description The issue is related to insecure privilege management in WebKitGTK and WPE WebKit, allowing a remote attacker to impact the integrity of protected information. It involves a limited sandbox bypass, where a sandboxed process can trick host processes into thinking it is not confined by the sandbox. This is achieved by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined.

Recommendations For WebKitGTK versions prior to 2.34.1, update to version 2.34.1 or later. For WPE WebKit versions prior to 2.34.1, update to version 2.34.1 or later. As a temporary workaround, consider restricting access to the BubblewrapLauncher.cpp module until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALT-PU-2021-3327

ALT-PU-2022-2162

BDU:2024-05804

CVE-2021-42762

DSA-4995-1

DSA-4996-1

GHSA-67H7-W3JQ-VH4Q

MGASA-2021-0498

OPENSUSE-SU-2021:1454-1

OPENSUSE-SU-2021:3603-1

OPENSUSE-SU-2021_1454-1

OPENSUSE-SU-2021_3603-1

RHSA-2025:10364

SUSE-SU-2021:3603-1

SUSE-SU-2021:3768-1

SUSE-SU-2021:3769-1

SUSE-SU-2021_3603-1

SUSE-SU-2021_3768-1

USN-5127-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Red Os

Suse

Ubuntu

Wpe Webkit

Webkitgtk

CVE-2021-42762

Weakness Enumeration

Related Identifiers

Affected Products

References · 52