CVE-2023-1523

10.0 CRITICAL

📋 TL;DR

This vulnerability allows a malicious snap to inject terminal input via the TIOCLINUX ioctl, potentially executing arbitrary commands outside the snap sandbox after the snap exits. It affects only snaps running on Linux virtual consoles (ttys), not graphical terminal emulators. Systems that run snap packages on Linux virtual consoles are vulnerable.

💻 Affected Systems

Products:
  • snapd
Versions: snapd versions before 2.58.2
Operating Systems: Linux distributions using snap packages
Default Config Vulnerable: ⚠️ Yes
Notes: Only exploitable on virtual consoles (tty), not graphical terminal emulators like xterm or gnome-terminal.


⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise with root privileges through arbitrary command execution outside snap confinement.

🟠 Likely Case: Privilege escalation allowing malicious snaps to break out of the sandbox and access host system resources.

🟢 If Mitigated: No impact if using graphical terminals or patched snapd versions.

🌐 Internet-Facing: LOW - Requires local access to virtual console.
🏢 Internal Only: MEDIUM - Internal users with snap access on virtual consoles could exploit it.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires malicious snap package and virtual console access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: snapd 2.58.2

Vendor Advisory: https://ubuntu.com/security/notices/USN-6125-1

Restart Required: No

Instructions:

1. Update snapd: sudo snap refresh snapd
2. Verify the version: snap version
3. Restart affected snaps if necessary.

🔧 Temporary Workarounds

Use graphical terminals (linux): Run snaps only in graphical terminal emulators (xterm, gnome-terminal, etc.), which are not vulnerable.

Disable TIOCLINUX ioctl (linux): Restrict TIOCLINUX ioctl usage through kernel parameters or security modules.

🧯 If You Can't Patch

  • Avoid running snaps on virtual consoles
  • Implement strict snap review policies to prevent malicious snaps

🔍 How to Verify

Check if Vulnerable: Check the snapd version with snap version | grep snapd; any snapd version below 2.58.2 is vulnerable.

Verify Fix Applied: snap version should report snapd 2.58.2 or higher.

📡 Detection & Monitoring

Log Indicators:

  • Unusual TIOCLINUX ioctl calls from snap processes
  • Snap processes accessing terminal devices unexpectedly

Network Indicators:

  • Local-only exploit, no network indicators

SIEM Query:

process.name:snap* AND syscall.name:ioctl AND syscall.args.cmd:TIOCLINUX
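The log indicators above, applied to auditd SYSCALL records, as an added example that is not part of this advisory: it flags ioctl calls whose request argument is TIOCLINUX (0x541C) when the calling process is a snap. The audit lines are constructed, the "/snap/ path or comm starts with snap" heuristic is an assumption, and only x86_64 records (arch=c000003e, where ioctl is syscall 16) are decoded.

```python
import re

# TIOCLINUX is 0x541C in include/uapi/asm-generic/ioctls.h; on x86_64 (arch=c000003e)
# ioctl is syscall 16. Other architectures use different syscall numbers (not handled here).
TIOCLINUX = 0x541C
IOCTL_X86_64 = 16
X86_64_ARCH = "c000003e"

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_audit_record(line):
    """Split one auditd record into its key=value fields (surrounding quotes stripped)."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def is_snap_process(rec):
    """Assumed heuristic: binary lives under /snap/ or the comm name starts with 'snap'."""
    return rec.get("exe", "").startswith("/snap/") or rec.get("comm", "").startswith("snap")


def is_tioclinux_ioctl(rec):
    """True for an x86_64 SYSCALL record of ioctl(fd, TIOCLINUX, ...); auditd logs a1 as bare hex."""
    if rec.get("type") != "SYSCALL" or rec.get("arch") != X86_64_ARCH:
        return False
    try:
        return int(rec["syscall"]) == IOCTL_X86_64 and int(rec["a1"], 16) == TIOCLINUX
    except (KeyError, ValueError):
        return False


def find_suspicious(lines):
    """Return (pid, comm, exe) for every TIOCLINUX ioctl issued by a snap process."""
    hits = []
    for rec in map(parse_audit_record, lines):
        if is_tioclinux_ioctl(rec) and is_snap_process(rec):
            hits.append((rec.get("pid"), rec.get("comm"), rec.get("exe")))
    return hits


# Constructed sample records (not real audit output). Record 1 should match; record 2 is a
# harmless TCGETS (0x5401) from the same snap; record 3 is TIOCLINUX from a non-snap binary;
# record 4 is not a SYSCALL record at all.
SAMPLE_AUDIT = [
    'type=SYSCALL msg=audit(1680000000.123:4321): arch=c000003e syscall=16 success=yes exit=0 '
    'a0=0 a1=541c a2=7ffd1234abcd a3=0 ppid=1200 pid=1234 comm="evil-snap" exe="/snap/evil-snap/1/bin/evil"',
    'type=SYSCALL msg=audit(1680000000.124:4322): arch=c000003e syscall=16 success=yes exit=0 '
    'a0=0 a1=5401 a2=7ffd1234abcd a3=0 ppid=1200 pid=1234 comm="evil-snap" exe="/snap/evil-snap/1/bin/evil"',
    'type=SYSCALL msg=audit(1680000000.200:4330): arch=c000003e syscall=16 success=yes exit=0 '
    'a0=0 a1=541c a2=7ffd5678abcd a3=0 ppid=1 pid=900 comm="setterm" exe="/usr/bin/setterm"',
    'type=PATH msg=audit(1680000000.200:4330): item=0 name="/dev/tty1" inode=5 dev=00:05',
]

if __name__ == "__main__":
    for pid, comm, exe in find_suspicious(SAMPLE_AUDIT):
        print(f"TIOCLINUX from snap process pid={pid} comm={comm} exe={exe}")
```

Feeding real records requires ioctl syscall auditing to be enabled; without an audit rule covering ioctl, no SYSCALL records for it are written.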
