Critical severity10.0NVD Advisory· Published Mar 29, 2017· Updated May 13, 2026

CVE-2017-5226

Description

When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox.

Affected products

Projectatomic/Bubblewrap
cpe:2.3:a:projectatomic:bubblewrap:*:*:*:*:*:*:*:*
Range: <=0.1.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatch
github.com/projectatomic/bubblewrap/commit/d7fc532c42f0e9bf427923bab85433282b3e5117nvdPatch
github.com/projectatomic/bubblewrap/issues/142nvdExploitPatchVendor Advisory
www.securityfocus.com/bid/97260nvdThird Party AdvisoryVDB Entry
www.openwall.com/lists/oss-security/2020/07/10/1nvd
www.openwall.com/lists/oss-security/2023/03/17/1nvd
www.openwall.com/lists/oss-security/2023/03/14/2nvd

News mentions

No linked articles in our index yet.

cvss	0.650
epss	0.008
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000