Privilege Escalation via PR_SET_DUMPABLE Flag in Bubblewrap
CVE-2016-8659 · MEDIUM Severity
AV:L/AC:M/AU:N/C:C/I:C/A:C
Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket.
Learn more about our User Device Pen Test.