Privilege Escalation via PR_SET_DUMPABLE Flag in Bubblewrap


CVE-2016-8659 · MEDIUM Severity

CVSS v2 vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket.
