http://bugzilla.opensuse.org/show_bug.cgi?id=1181990 Bug ID: 1181990 Summary: VUL-0: CVE-2021-26910: firejail: root privilege escalation due to race condition Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.2 Hardware: Other URL: https://smash.suse.de/issue/277467/ OS: Other Status: NEW Severity: Major Priority: P5 - None Component: Security Assignee: sebix+novell.com@sebix.at Reporter: atoptsoglou@suse.com QA Contact: security-team@suse.de Found By: Security Response Team Blocker: --- CVE-2021-26910 Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26910 http://www.openwall.com/lists/oss-security/2021/02/09/1 http://seclists.org/oss-sec/2021/q1/122 https://github.com/netblue30/firejail/releases/tag/0.9.64.4 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26910 https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-... https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26910 https://github.com/netblue30/firejail/commit/97d8a03cad19501f017587cc4e47d84... -- You are receiving this mail because: You are on the CC list for the bug.