VYPR
Unrated severity · OSV Advisory · Published Mar 21, 2019 · Updated Aug 4, 2024

CVE-2019-9893

Description

libseccomp before 2.4.0 mishandles 64-bit syscall argument comparisons, allowing seccomp filter bypass and potential privilege escalation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

libseccomp versions before 2.4.0 contain a flaw in the generation of 64-bit syscall argument comparisons when using the arithmetic operators (LT, GT, LE, GE). This incorrect comparison logic can cause the seccomp filter to improperly evaluate syscall arguments, potentially allowing an attacker to bypass intended access restrictions [1][2][3][4].

Exploitation

An attacker with the ability to execute code on a system that uses libseccomp to filter syscalls can craft syscalls with specific argument values that exploit the flawed comparison generation. No special privileges or user interaction beyond code execution are required; the attacker simply needs to invoke the affected syscall path [2][3].

Impact

Successful exploitation allows an attacker to bypass seccomp filters, which may lead to unauthorized system call execution and potential privilege escalation. The exact impact depends on the seccomp policy in place, but the vulnerability can undermine the security guarantees provided by the filter [4].

Mitigation

The vulnerability is fixed in libseccomp version 2.4.0 and later. Red Hat Enterprise Linux 8 provides libseccomp 2.4.1 [1], Ubuntu provides updates via USN-4001-1 and USN-4001-2 [2][3], and Gentoo recommends upgrading to >=2.4.0 [4]. No workaround is available; upgrading the library is required [4].
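A check for the mitigation above, as an added example that is not part of the advisory or of libseccomp: it asks the libseccomp that the dynamic loader resolves for its version through the library's `seccomp_version()` call and compares it with 2.4.0. The names `loaded_version`, `assess` and `FIXED` are hypothetical helpers introduced here.

```python
import ctypes
import ctypes.util

FIXED = (2, 4, 0)  # first fixed release according to the advisory text


class ScmpVersion(ctypes.Structure):
    # Mirrors struct scmp_version from <seccomp.h>
    _fields_ = [("major", ctypes.c_uint),
                ("minor", ctypes.c_uint),
                ("micro", ctypes.c_uint)]


def loaded_version(path=None):
    """Return (major, minor, micro) for the libseccomp the loader resolves.

    Returns None when no library can be loaded, and (0, 0, 0) when the
    library is too old to export seccomp_version() at all.
    """
    name = path or ctypes.util.find_library("seccomp")
    if not name:
        return None
    try:
        lib = ctypes.CDLL(name)
    except OSError:
        return None
    try:
        fn = lib.seccomp_version
    except AttributeError:
        return (0, 0, 0)  # symbol missing: predates 2.4.0, treat as affected
    fn.restype = ctypes.POINTER(ScmpVersion)
    fn.argtypes = []
    v = fn().contents
    return (v.major, v.minor, v.micro)


def assess(version):
    """Classify a version tuple against the fixed release."""
    if version is None:
        return "not-installed"
    return "fixed" if tuple(version) >= FIXED else "affected"


if __name__ == "__main__":
    found = loaded_version()
    print("libseccomp:", found, "->", assess(found))
```

The result covers only the shared library visible to the process running the check, so containers, chroots and statically linked binaries need to be checked separately. For distribution packages, confirm the package version against the vendor advisories cited above.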

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

25

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

8
