Oval Definition:oval:org.opensuse.security:def:202141133
Revision Date:2023-06-22Version:1
Title:CVE-2021-41133
Description:

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process. They can do this by manipulating the VFS using recent mount-related syscalls that are not blocked by Flatpak's denylist seccomp filter, in order to substitute a crafted `/.flatpak-info` or make that file disappear entirely. Flatpak apps that act as clients for AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can escalate the privileges that the corresponding services will believe the Flatpak app has. Note that protocols that operate entirely over the D-Bus session bus (user bus), system bus or accessibility bus are not affected by this. This is due to the use of a proxy process `xdg-dbus-proxy`, whose VFS cannot be manipulated by the Flatpak app, when interacting with these buses. Patches exist for versions 1.10.4 and 1.12.0, and as of time of publication, a patch for version 1.8.2 is being planned. There are no workarounds aside from upgrading to a patched version.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2021-41133
SUSE CVE-2021-41133
SUSE-SU-2021:3472-1
openSUSE-SU-2021:1400-1
openSUSE-SU-2021:3472-1
SUSE-SU-2022:3284-1
SUSE-SU-2022:3439-1
Platform(s):openSUSE Leap 15.2
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Tumbleweed
SUSE CaaS Platform 4.0
SUSE Linux Enterprise Desktop 15 SP2
SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise Desktop 15 SP4
SUSE Linux Enterprise Desktop 15 SP5
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE Linux Enterprise High Performance Computing 15 SP4
SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE Linux Enterprise Module for Desktop Applications 15 SP2
SUSE Linux Enterprise Module for Desktop Applications 15 SP3
SUSE Linux Enterprise Module for Desktop Applications 15 SP4
SUSE Linux Enterprise Module for Desktop Applications 15 SP5
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server 15 SP4
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Linux Enterprise Server for SAP Applications 15 SP5
SUSE Linux Enterprise Storage 7
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
Product(s):
Definition Synopsis
  • openSUSE Leap 15.2 is installed
  • AND Package Information
  • flatpak-1.10.5-lp152.3.9.1 is installed
  • AND flatpak is signed with openSUSE key
  • OR
  • flatpak-devel-1.10.5-lp152.3.9.1 is installed
  • AND flatpak-devel is signed with openSUSE key
  • OR
  • flatpak-zsh-completion-1.10.5-lp152.3.9.1 is installed
  • AND flatpak-zsh-completion is signed with openSUSE key
  • OR
  • libflatpak0-1.10.5-lp152.3.9.1 is installed
  • AND libflatpak0 is signed with openSUSE key
  • OR
  • system-user-flatpak-1.10.5-lp152.3.9.1 is installed
  • AND system-user-flatpak is signed with openSUSE key
  • OR
  • typelib-1_0-Flatpak-1_0-1.10.5-lp152.3.9.1 is installed
  • AND typelib-1_0-Flatpak-1_0 is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Leap 15.3 is installed
  • AND Package Information
  • flatpak-1.10.5-4.9.1 is installed
  • AND flatpak is signed with openSUSE key
  • OR
  • flatpak-devel-1.10.5-4.9.1 is installed
  • AND flatpak-devel is signed with openSUSE key
  • OR
  • flatpak-zsh-completion-1.10.5-4.9.1 is installed
  • AND flatpak-zsh-completion is signed with openSUSE key
  • OR
  • libflatpak0-1.10.5-4.9.1 is installed
  • AND libflatpak0 is signed with openSUSE key
  • OR
  • system-user-flatpak-1.10.5-4.9.1 is installed
  • AND system-user-flatpak is signed with openSUSE key
  • OR
  • typelib-1_0-Flatpak-1_0-1.10.5-4.9.1 is installed
  • AND typelib-1_0-Flatpak-1_0 is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • flatpak-1.12.1-1.1 is installed
  • OR flatpak-devel-1.12.1-1.1 is installed
  • OR flatpak-zsh-completion-1.12.1-1.1 is installed
  • OR libflatpak0-1.12.1-1.1 is installed
  • OR system-user-flatpak-1.12.1-1.1 is installed
  • OR typelib-1_0-Flatpak-1_0-1.12.1-1.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Desktop Applications 15 SP2 is installed
  • AND Package Information
  • flatpak-1.10.5-4.9.1 is installed
  • OR flatpak-devel-1.10.5-4.9.1 is installed
  • OR flatpak-zsh-completion-1.10.5-4.9.1 is installed
  • OR libflatpak0-1.10.5-4.9.1 is installed
  • OR system-user-flatpak-1.10.5-4.9.1 is installed
  • OR typelib-1_0-Flatpak-1_0-1.10.5-4.9.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Module for Desktop Applications 15 SP2 is installed
  • OR SUSE Linux Enterprise Module for Desktop Applications 15 SP3 is installed
  • AND Package Information
  • flatpak-1.10.5-4.9.1 is installed
  • OR flatpak-devel-1.10.5-4.9.1 is installed
  • OR flatpak-zsh-completion-1.10.5-4.9.1 is installed
  • OR libflatpak0-1.10.5-4.9.1 is installed
  • OR system-user-flatpak-1.10.5-4.9.1 is installed
  • OR typelib-1_0-Flatpak-1_0-1.10.5-4.9.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP3 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP3 is installed
  • OR SUSE Linux Enterprise Module for Desktop Applications 15 SP3 is installed
  • OR SUSE Linux Enterprise Server 15 SP3 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed
  • OR SUSE Linux Enterprise Storage 7.1 is installed
  • OR SUSE Manager Proxy 4.2 is installed
  • OR SUSE Manager Retail Branch Server 4.2 is installed
  • OR SUSE Manager Server 4.2 is installed
  • AND Package Information
  • flatpak-1.10.5-4.9.1 is installed
  • OR flatpak-devel-1.10.5-4.9.1 is installed
  • OR flatpak-zsh-completion-1.10.5-4.9.1 is installed
  • OR libflatpak0-1.10.5-4.9.1 is installed
  • OR system-user-flatpak-1.10.5-4.9.1 is installed
  • OR typelib-1_0-Flatpak-1_0-1.10.5-4.9.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE CaaS Platform 4.0 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
  • AND Package Information
  • flatpak is affected
  • OR flatpak-devel is affected
  • OR flatpak-zsh-completion is affected
  • OR libflatpak0 is affected
  • OR typelib-1_0-Flatpak-1_0 is affected
    • Definition Synopsis
  • SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
  • AND Package Information
  • flatpak is affected
  • OR flatpak-devel is affected
  • OR flatpak-zsh-completion is affected
  • OR libflatpak0 is affected
  • OR typelib-1_0-Flatpak-1_0 is affected
    • Definition Synopsis
  • openSUSE Leap 15.4 is installed
  • AND Package Information
  • flatpak-1.12.5-150400.1.11 is installed
  • AND flatpak is signed with openSUSE key
  • OR
  • libflatpak0-1.12.5-150400.1.11 is installed
  • AND libflatpak0 is signed with openSUSE key
  • OR
  • system-user-flatpak-1.12.5-150400.1.11 is installed
  • AND system-user-flatpak is signed with openSUSE key
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP4 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP4 is installed
  • OR SUSE Linux Enterprise Module for Desktop Applications 15 SP4 is installed
  • OR SUSE Linux Enterprise Server 15 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP4 is installed
  • OR SUSE Manager Proxy 4.3 is installed
  • OR SUSE Manager Retail Branch Server 4.3 is installed
  • OR SUSE Manager Server 4.3 is installed
  • AND Package Information
  • flatpak-1.12.5-150400.1.11 is installed
  • OR flatpak-devel-1.12.5-150400.1.11 is installed
  • OR flatpak-zsh-completion-1.12.5-150400.1.11 is installed
  • OR libflatpak0-1.12.5-150400.1.11 is installed
  • OR system-user-flatpak-1.12.5-150400.1.11 is installed
  • OR typelib-1_0-Flatpak-1_0-1.12.5-150400.1.11 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP5 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
  • OR SUSE Linux Enterprise Module for Desktop Applications 15 SP5 is installed
  • OR SUSE Linux Enterprise Server 15 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
  • AND Package Information
  • flatpak-1.14.4-150500.1.3 is installed
  • OR flatpak-devel-1.14.4-150500.1.3 is installed
  • OR flatpak-remote-flathub-1.14.4-150500.1.3 is installed
  • OR flatpak-zsh-completion-1.14.4-150500.1.3 is installed
  • OR libflatpak0-1.14.4-150500.1.3 is installed
  • OR system-user-flatpak-1.14.4-150500.1.3 is installed
  • OR typelib-1_0-Flatpak-1_0-1.14.4-150500.1.3 is installed
    • BACK