CVE-2017-5226

10.0 CRITICAL

📋 TL;DR

CVE-2017-5226 is a critical sandbox escape vulnerability in bubblewrap that allows unprivileged processes to inject terminal commands into the parent session using the TIOCSTI ioctl. This affects any system using bubblewrap for sandboxing applications, particularly container runtimes and Linux desktop applications. Attackers can break out of the sandbox and execute arbitrary commands with the privileges of the parent process.

💻 Affected Systems

Products:
  • bubblewrap
  • Flatpak
  • podman
  • containers using bubblewrap for sandboxing
Versions: bubblewrap versions before commit d7fc532c42f0e9bf427923bab85433282b3e5117 (Jan 2017)
Operating Systems: Linux distributions using bubblewrap
Default Config Vulnerable: ⚠️ Yes
Notes: Any system using bubblewrap with the --unshare-ipc flag or similar configurations that create terminal sessions is vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise via privilege escalation from unprivileged user to root, allowing installation of persistent malware, data exfiltration, and lateral movement.

🟠

Likely Case

Sandbox escape leading to execution of arbitrary commands with the privileges of the parent bubblewrap process, potentially gaining elevated privileges on the host system.

🟢

If Mitigated

Limited impact if bubblewrap is used with minimal privileges and proper isolation controls, though sandbox integrity would still be compromised.

🌐 Internet-Facing: MEDIUM - Exploitation requires access to a sandboxed application, which may be exposed through web services or containerized applications.
🏢 Internal Only: HIGH - Internal users with access to sandboxed applications can exploit this to escalate privileges and compromise systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to execute code within the bubblewrap sandbox. The TIOCSTI technique is well-documented and easy to implement.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: bubblewrap with commit d7fc532c42f0e9bf427923bab85433282b3e5117 or later

Vendor Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=1411811

Restart Required: No

Instructions:

1. Update bubblewrap package using your distribution's package manager.
2. For Flatpak: Update to version 0.8.7 or later.
3. For podman/containers: Ensure underlying bubblewrap is updated.
4. Rebuild any containers using vulnerable bubblewrap versions.

🔧 Temporary Workarounds

Disable TIOCSTI ioctl

Block the TIOCSTI ioctl at the kernel level using seccomp filters or disable terminal session sharing in bubblewrap.

# --seccomp takes a file descriptor holding a compiled seccomp-BPF program (a raw struct sock_filter array);
# the descriptor must actually be attached to that file, here via the shell redirection 10<tiocsti-deny.bpf
bwrap --unshare-all --seccomp 10 /path/to/program 10<tiocsti-deny.bpf
# Kernels 6.2 and later can disable TIOCSTI system-wide (there is no /proc/sys/kernel/tiocsti knob)
sysctl -w dev.tty.legacy_tiocsti=0
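A seccomp-BPF filter implementing the first workaround above, written as an added example for this page (not bubblewrap's or Flatpak's own code): it refuses ioctl(TIOCSTI) with EPERM, allows every other syscall, and writes the raw program to a file that bwrap --seccomp can load. The target architecture (FILTER_ARCH, x86-64) and the file name tiocsti-deny.bpf are assumptions; tiocsti_decision is a tiny interpreter so the filter's verdicts can be checked without loading it into a kernel.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/ioctl.h>
#include <sys/syscall.h>

/* Assumption: the sandboxed program is x86-64; adjust FILTER_ARCH for other architectures. */
#define FILTER_ARCH AUDIT_ARCH_X86_64
/* seccomp-BPF: ioctl(fd, TIOCSTI, ...) fails with EPERM, every other syscall is allowed,
 * and a syscall arriving from an unexpected architecture kills the process. */
static const struct sock_filter tiocsti_deny[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, FILTER_ARCH, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_ioctl, 0, 3),      /* not ioctl: allow */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[1])),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, TIOCSTI, 0, 1),         /* other request: allow */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};
#define TIOCSTI_DENY_LEN (sizeof tiocsti_deny / sizeof tiocsti_deny[0])
/* Minimal interpreter for the three opcodes used above: returns the SECCOMP_RET_* action
 * the kernel would take for this syscall, so the filter can be checked before loading it. */
unsigned int tiocsti_decision(int nr, unsigned int arch, unsigned long arg1)
{
    struct seccomp_data d = { .nr = nr, .arch = arch, .args = { 0, arg1 } };
    unsigned int acc = 0;
    for (size_t pc = 0; pc < TIOCSTI_DENY_LEN; pc++) {
        const struct sock_filter *i = &tiocsti_deny[pc];
        if (i->code == (BPF_LD | BPF_W | BPF_ABS)) acc = *(const unsigned int *)((const char *)&d + i->k);
        else if (i->code == (BPF_JMP | BPF_JEQ | BPF_K)) pc += (acc == i->k) ? i->jt : i->jf;
        else if (i->code == (BPF_RET | BPF_K)) return i->k;
    }
    return SECCOMP_RET_KILL;
}

/* Write the raw program; load it with:  bwrap --seccomp 10 ... /path/to/program 10<tiocsti-deny.bpf */
int write_filter(const char *path)
{
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    size_t w = fwrite(tiocsti_deny, sizeof tiocsti_deny[0], TIOCSTI_DENY_LEN, f);
    return (fclose(f) == 0 && w == TIOCSTI_DENY_LEN) ? 0 : -1;
}

int main(int argc, char **argv) { return write_filter(argc > 1 ? argv[1] : "tiocsti-deny.bpf") ? 1 : 0; }
```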

Run without terminal session

Avoid sharing terminal sessions between bubblewrap and parent process.

# setsid starts bwrap in a new session with no controlling terminal, so TIOCSTI on an inherited
# tty descriptor is refused by the kernel; the sandboxed program loses interactive job control
setsid -w bwrap --unshare-ipc --unshare-net --unshare-pid --unshare-uts --unshare-cgroup --unshare-user /path/to/program

🧯 If You Can't Patch

  • Isolate bubblewrap processes using namespaces and cgroups to limit blast radius
  • Implement strict seccomp profiles to block TIOCSTI and other dangerous syscalls

🔍 How to Verify

Check if Vulnerable:

Check bubblewrap version: bwrap --version prints only a release number, never a commit hash, so grepping its output for the fix commit always reports Vulnerable. A working check, assuming patched builds expose the --new-session option that was added alongside the fix: bwrap --help 2>&1 | grep -q -- '--new-session' && echo 'Patched' || echo 'Vulnerable'

Check Version:

bwrap --version

Verify Fix Applied:

Test with a proof-of-concept that attempts TIOCSTI injection; successful patch will prevent command injection.

📡 Detection & Monitoring

Log Indicators:

  • Unusual terminal input sequences from bubblewrap processes
  • Failed TIOCSTI ioctl attempts in audit logs

Network Indicators:

  • Sudden outbound connections from bubblewrap processes

SIEM Query:

process.name='bwrap' AND syscall.name='ioctl' AND syscall.args.cmd='TIOCSTI'

🔗 References
