Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 819522 (CVE-2021-42762) - <net-libs/webkit-gtk-2.34.1: limited sandbox escape (CVE-2021-42762)
Summary: <net-libs/webkit-gtk-2.34.1: limited sandbox escape (CVE-2021-42762)
Alias: CVE-2021-42762
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: A4 [glsa+]
Depends on: CVE-2021-30818, CVE-2021-30823, CVE-2021-30846, CVE-2021-30848, CVE-2021-30849, CVE-2021-30851, CVE-2021-30884, CVE-2021-30888, CVE-2021-30889, CVE-2021-30897, WSA-2021-0006 CVE-2021-30887, CVE-2021-30890 830597
  Show dependency tree
Reported: 2021-10-22 20:03 UTC by John Helmert III
Modified: 2022-02-01 03:40 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-10-22 20:03:39 UTC

BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133.

Please file a stablereq when ready.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-02-01 03:40:48 UTC
commit d2418b0a913a694a55e21440268b44301931867c
Author: John Helmert III <>
Date:   Mon Jan 31 21:31:04 2022 -0600

    [ GLSA 202202-01 ] WebkitGTK+: Multiple vulnerabilities

    Signed-off-by: John Helmert III <>

All done!