What is CVE-2020-5291?

CVE-2020-5291 is a vulnerability in the Bubblewrap (bwrap) software before version 0.4.1.

Is Bubblewrap affected by CVE-2020-5291?

Yes, Bubblewrap before version 0.4.1 is affected by CVE-2020-5291.

What is the severity of CVE-2020-5291?

CVE-2020-5291 has a severity rating of 7.8 (high).

How can CVE-2020-5291 be exploited?

CVE-2020-5291 can be exploited by using the `bwrap --userns2` option, which allows a setuid process to keep running as root while being traceable, leading to potential root privilege escalation.

How can I fix CVE-2020-5291?

To fix CVE-2020-5291, update Bubblewrap to version 0.4.1 or later.

Vulnerability/
CVE-2020-5291

high

8.5

CWE

269 648

31/3/2020

4/8/2024

CVE-2020-5291: Privilege escalation in setuid mode via user namespaces in Bubblewrap

First published: Tue Mar 31 2020(Updated: )

Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that this only affects the combination of bubblewrap in setuid mode (which is typically used when unprivileged user namespaces are not supported) and the support of unprivileged user namespaces. Known to be affected are: * Debian testing/unstable, if unprivileged user namespaces enabled (not default) * Debian buster-backports, if unprivileged user namespaces enabled (not default) * Arch if using `linux-hardened`, if unprivileged user namespaces enabled (not default) * Centos 7 flatpak COPR, if unprivileged user namespaces enabled (not default) This has been fixed in the 0.4.1 release, and all affected users should update.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Projectatomic Bubblewrap	<0.4.1
Debian Debian Linux	=10.0
Archlinux Arch Linux
CentOS CentOS	=7.0

Remedy

https://github.com/containers/bubblewrap/commit/1f7e2ad948c051054b683461885a0215f1806240

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-5291?
CVE-2020-5291 is a vulnerability in the Bubblewrap (bwrap) software before version 0.4.1.
Is Bubblewrap affected by CVE-2020-5291?
Yes, Bubblewrap before version 0.4.1 is affected by CVE-2020-5291.
What is the severity of CVE-2020-5291?
CVE-2020-5291 has a severity rating of 7.8 (high).
How can CVE-2020-5291 be exploited?
CVE-2020-5291 can be exploited by using the `bwrap --userns2` option, which allows a setuid process to keep running as root while being traceable, leading to potential root privilege escalation.
How can I fix CVE-2020-5291?
To fix CVE-2020-5291, update Bubblewrap to version 0.4.1 or later.

agent/references
agent/weakness
agent/type
collector/nvd-index
agent/software-canonical-lookup-request
agent/author
agent/remedy
agent/description
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/title
agent/first-publish-date
agent/tags
agent/event
vendor/projectatomic
canonical/projectatomic bubblewrap
vendor/debian
canonical/debian debian linux
version/debian debian linux/10.0
vendor/archlinux
canonical/archlinux arch linux
vendor/centos
canonical/centos centos
version/centos centos/7.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.