{"api_version":"1","generated_at":"2026-04-23T09:53:00+00:00","cve":"CVE-2023-1523","urls":{"html":"https://cve.report/CVE-2023-1523","api":"https://cve.report/api/cve/CVE-2023-1523.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-1523","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-1523"},"summary":{"title":"CVE-2023-1523","description":"Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console.","state":"PUBLIC","assigner":"security@ubuntu.com","published_at":"2023-09-01 19:15:00","updated_at":"2023-09-08 17:17:00"},"problem_types":["CWE-74"],"metrics":[],"references":[{"url":"https://ubuntu.com/security/notices/USN-6125-1","name":"https://ubuntu.com/security/notices/USN-6125-1","refsource":"MISC","tags":[],"title":"USN-6125-1: snapd vulnerability | Ubuntu security notices | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523","name":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523","refsource":"MISC","tags":[],"title":"CVE -\nCVE-2023-1523","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/snapcore/snapd/pull/12849","name":"https://github.com/snapcore/snapd/pull/12849","refsource":"MISC","tags":[],"title":"many: introduce seccomp denylist to block ioctl with TIOCLINUX to fix CVE-2023-1523 by alexmurray · Pull Request #12849 · snapcore/snapd · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://marc.info/?l=oss-security&m=167879021709955&w=2","name":"https://marc.info/?l=oss-security&m=167879021709955&w=2","refsource":"MISC","tags":[],"title":"'Re: [oss-security] TTY pushback vulnerabilities / TIOCSTI' - MARC","mime":"text/x-c","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-1523","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1523","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"1523","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"canonical","cpe5":"snapd","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"1523","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"esm","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"1523","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"esm","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"1523","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"20.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"1523","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"22.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"1523","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"22.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"1523","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"23.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-1523","qid":"199381","title":"Ubuntu Security Notification for snapd Vulnerability (USN-6125-1)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-1523","ASSIGNER":"security@ubuntu.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Canonical Ltd.","product":{"product_data":[{"product_name":"snapd","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"status":"unaffected","version":"2.59.5"}]}}]}}]}}]}},"references":{"reference_data":[{"url":"https://ubuntu.com/security/notices/USN-6125-1","refsource":"MISC","name":"https://ubuntu.com/security/notices/USN-6125-1"},{"url":"https://github.com/snapcore/snapd/pull/12849","refsource":"MISC","name":"https://github.com/snapcore/snapd/pull/12849"},{"url":"https://marc.info/?l=oss-security&m=167879021709955&w=2","refsource":"MISC","name":"https://marc.info/?l=oss-security&m=167879021709955&w=2"},{"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523","refsource":"MISC","name":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523"}]},"impact":{"cvss":[{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10,"baseSeverity":"CRITICAL"}]}},"nvd":{"publishedDate":"2023-09-01 19:15:00","lastModifiedDate":"2023-09-08 17:17:00","problem_types":["CWE-74"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":10,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:canonical:snapd:*:*:*:*:*:*:*:*","versionEndExcluding":"2.59.5","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:22.10:*:*:*:-:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}