CVE-2023-1523
CRITICALCanonical snapd <= 2.59.5 - TIOCLINUX Terminal Command Injection
Title source: manualDescription
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console.
References (4)
Core 4
Core References
Third Party Advisory vendor-advisory
https://ubuntu.com/security/notices/USN-6125-1
Issue Tracking, Patch issue-tracking
https://github.com/snapcore/snapd/pull/12849
Exploit, Mailing List mailing-list
https://marc.info/?l=oss-security&m=167879021709955&w=2
Third Party Advisory issue-tracking
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523
Scores
CVSS v3
10.0
EPSS
0.0012
EPSS Percentile
31.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-74
Status
published
Products (7)
canonical/snapd
< 2.59.5
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
18.04
canonical/ubuntu_linux
20.04
canonical/ubuntu_linux
22.04
canonical/ubuntu_linux
22.10
canonical/ubuntu_linux
23.04
Published
Sep 01, 2023
Tracked Since
Feb 18, 2026