BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133.
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| webkitgtk | webkitgtk | 2.34.1 | - |
| wpewebkit | wpe_webkit | 2.34.1 | - |
| fedoraproject | fedora | - |
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
7
Affected Products
22
References
webkitgtk / webkitgtk
| - |
| fedoraproject | fedora | - | - |
| fedoraproject | fedora | - | - |
| debian | debian_linux | - | - |
| debian | debian_linux | - | - |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Exploitability
Impact