CVE-2023-1523
First published: Fri Sep 01 2023(Updated: )
Last updated 24 July 2024
Credit: security@ubuntu.com security@ubuntu.com security@ubuntu.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Canonical snapd | <2.59.5 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =20.04 | |
| Canonical Ubuntu Linux | =22.04 | |
| Canonical Ubuntu Linux | =22.10 | |
| Canonical Ubuntu Linux | =23.04 | |
| debian/snapd | <=2.49-1+deb11u2<=2.57.6-1 | 2.65.3-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523
- https://github.com/snapcore/snapd/pull/12849
- https://marc.info/?l=oss-security&m=167879021709955&w=2
- https://ubuntu.com/security/notices/USN-6125-1
- https://marc.info/?l=oss-security&m=167879021709955&w=2
- https://launchpad.net/bugs/cve/CVE-2023-1523
- https://github.com/snapcore/snapd/commit/e4681c57bd5805c8d2dec5c3ddf7d85ebf1d2c4c
- https://github.com/snapcore/snapd/commit/dddcfd6ac8daa84feb80eb6fd88f852ced70629c
- https://github.com/snapcore/snapd/commit/52af545f3c0d8b086500ab86f161703905638951
- https://github.com/snapcore/snapd/commit/e5e823b442aec364e81c9cb805dc2fce34c41b8b
- https://github.com/snapcore/snapd/commit/8ad5a73e753828175c9fbbf03e518bb42d773979
- https://github.com/snapcore/snapd/commit/64cf6b0048385d921b25361d55ddfd524880c738
- https://github.com/snapcore/snapd/commit/2e93f91e1350f965a356748a3ddcff275207df12
- https://github.com/snapcore/snapd/commit/390dc62a71884c0463e2411fb13f5bd5abdc7442
- https://security-tracker.debian.org/tracker/CVE-2023-1523
- https://www.cve.org/CVERecord?id=CVE-2023-1523
- https://nvd.nist.gov/vuln/detail/CVE-2023-1523
- https://ubuntu.com/security/CVE-2023-1523
Frequently Asked Questions
What is the severity of CVE-2023-1523?
The severity of CVE-2023-1523 is critical with a severity value of 10.
Which software is affected by CVE-2023-1523?
The affected software is snapd, specifically versions 2.58+18.04.1, 2.58+20.04.1, 2.58+22.04.1, 2.58+22.10.1, 2.59.1+23.04ubuntu1.1, 2.59.5-1, and 2.54.3+16.04.0ubuntu0.1~.
How can a malicious snap exploit CVE-2023-1523?
By using the TIOCLINUX ioctl request, a malicious snap can inject arbitrary contents into the input of the controlling terminal, allowing it to execute arbitrary commands outside of the snap sandbox after the snap exits.
What are the affected versions of Ubuntu for CVE-2023-1523?
The affected versions of Ubuntu are 16.04, 18.04, 20.04, 22.04, and 22.10.
How can I fix CVE-2023-1523?
To fix CVE-2023-1523, update snapd to version 2.58+18.04.1, 2.58+20.04.1, 2.58+22.04.1, 2.58+22.10.1, 2.59.1+23.04ubuntu1.1, 2.59.5-1, or 2.54.3+16.04.0ubuntu0.1~ depending on your system's version.
- collector/nvd-api
- collector/nvd-index
- collector/launchpad-cve
- source/Launchpad
- agent/type
- agent/first-publish-date
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/weakness
- agent/remedy
- agent/author
- agent/description
- agent/severity
- agent/event
- agent/references
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- vendor/canonical
- canonical/canonical snapd
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/20.04
- version/canonical ubuntu linux/22.04
- version/canonical ubuntu linux/22.10
- version/canonical ubuntu linux/23.04
- package-manager/debian