CVE-2024-42472 Overview
CVE-2024-42472 is a high-severity sandbox escape vulnerability in Flatpak, the Linux application sandboxing and distribution framework. A malicious or compromised Flatpak application that uses persistent directories can read and write files outside the sandbox it was granted, an attack on both the integrity and the confidentiality of the user's data.
The vulnerability lies in Flatpak's persistent-directory mechanism (persistent=subdir in the application's [Context] metadata, --persist=subdir on the command line). An application that has no access to the real home directory is instead given an empty home directory containing a writeable subdir. Under the hood that subdirectory is a bind mount whose source is ~/.var/app/$APPID/subdir in the per-application data directory. Because the application can write to the per-application directory, it can replace the source directory with a symbolic link; on the next start Flatpak resolves the symlink while setting up the bind mount and mounts its target into the sandbox, so any directory the symlink points to becomes readable and writeable from inside the sandbox.
Critical Impact
The flaw lets a malicious Flatpak application read and write files in any directory the invoking user can reach, bypassing the sandbox's filesystem restrictions. It does not by itself grant privileges beyond those of the user running the application, but the user's own data (SSH keys, GPG keyrings, browser profiles) is exactly what the sandbox exists to protect.
Affected Products
- Flatpak versions prior to 1.14.10 (stable branch)
- Flatpak versions prior to 1.15.10 (development branch)
- Debian Linux 11.0
Discovery Timeline
- August 15, 2024 - CVE-2024-42472 published to NVD
- August 19, 2025 - Last updated in NVD database
Technical Details for CVE-2024-42472
Vulnerability Analysis
This is a symlink-following flaw; the advisory records it as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component), the downstream component being the bind-mount setup that consumes an attacker-controlled path. Whatever the label, the effect is that Flatpak's core sandboxing guarantee, that an application without home-directory access cannot reach files outside its own data directory, is undermined.
When the persistent permission is used, Flatpak creates bind mounts to allow sandboxed applications to maintain state across sessions without granting full home directory access. The critical flaw lies in how Flatpak handles the source directory for these bind mounts. Since the application retains write access to its application directory at ~/.var/app/$APPID, it can replace the legitimate source directory with a symbolic link pointing to any location on the filesystem.
Upon the next application launch, Flatpak follows the symlink when establishing the bind mount, effectively mounting the symlink's target into the sandbox with full read/write access. This breaks the fundamental security model of containerized applications.
Initial patches (commits ceec2ffc and 98f79773) provided partial protection but left a race condition exploitable when two instances of a malicious application run in parallel. Complete remediation requires updating both Flatpak and bubblewrap to support the new --bind-fd option, which closes the race condition window.
Root Cause
The root cause is insufficient validation of the source directory for persistent bind mounts. Flatpak fails to verify that the source directory hasn't been replaced with a symlink before establishing the bind mount. The application's write access to the ~/.var/app/$APPID directory creates the conditions necessary for exploitation.
Additionally, the original fix introduced a Time-of-Check Time-of-Use (TOCTOU) race condition. Between verifying the directory type and establishing the bind mount, an attacker could swap a legitimate directory for a symlink, requiring the --bind-fd enhancement in bubblewrap to properly remediate.
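To make the check-then-mount race concrete, here is an added shell demonstration; it is not Flatpak or bubblewrap code and performs no real bind mount, it only shows how path resolution and descriptor resolution differ. It builds a constructed stand-in for the per-app directory, opens the persist subdirectory on a file descriptor, replaces that subdirectory with a symlink the way a malicious app would, and then compares what the path resolves to against what the descriptor still reaches via /proc/self/fd. bubblewrap's --bind-fd mounts through an already-open descriptor in the same way, which is what removes the window between the directory check and the mount. The directory names, the state.txt and id_ed25519 files and the "pinned"/"not-pinned" labels are all constructed for the example.

```shell
#!/bin/sh
# Added demonstration, not Flatpak or bubblewrap code, and no real mount is
# performed: a path is re-resolved on every use, so "check $APPDIR/subdir,
# then bind-mount $APPDIR/subdir" can be raced by swapping in a symlink
# between the two steps.  An open file descriptor refers to the inode itself,
# and /proc/self/fd/N always leads back to that inode whatever now sits at
# the original path.  That is the property bubblewrap's --bind-fd relies on.
set -eu

# Constructed stand-in for ~/.var/app/$APPID; nothing here is a real app.
make_fake_appdir() {
    d=$(readlink -f "$(mktemp -d)")
    mkdir "$d/subdir"                       # the persist=subdir source directory
    echo "app state" > "$d/subdir/state.txt"
    mkdir "$d/target"                       # stands in for something like ~/.ssh
    echo "private key" > "$d/target/id_ed25519"
    printf '%s\n' "$d"
}

# What a malicious app does with its write access to the per-app directory.
swap_for_symlink() {
    mv "$1/subdir" "$1/subdir.orig"
    ln -s "$1/target" "$1/subdir"
}

# Vulnerable pattern: whatever was checked earlier, using the path again
# resolves it afresh, through the symlink if one is there now.
resolve_by_path() {
    readlink -f "$1/subdir"
}

# Fixed pattern: open the directory once and do all later work through the
# descriptor.  A C implementation would open with O_DIRECTORY|O_NOFOLLOW and
# fstat the descriptor; sh cannot pass those flags, so here the open simply
# happens before the swap.  Prints "pinned" when, after the swap, the path
# resolves to the attacker's target but the descriptor still reaches the
# original directory and its contents; "not-pinned" otherwise.
fd_pinning_outcome() {
    appdir=$1
    exec 3< "$appdir/subdir"                # fd 3 now references the inode
    swap_for_symlink "$appdir"
    via_path=$(resolve_by_path "$appdir")   # now $appdir/target
    via_fd=$(readlink /proc/self/fd/3 2>/dev/null || echo unavailable)
    if [ "$via_path" = "$appdir/target" ] \
       && [ "$via_fd" = "$appdir/subdir.orig" ] \
       && [ -f /proc/self/fd/3/state.txt ]; then
        echo pinned
    else
        echo not-pinned
    fi
    exec 3<&-
}

# Usage: run the file; it prints "pinned" on a Linux host with /proc mounted.
appdir=$(make_fake_appdir)
fd_pinning_outcome "$appdir"
rm -rf "$appdir"
```

The point to take from the output is the asymmetry: after the swap, resolve_by_path returns the attacker's target, exactly what a path-based mount would use, while the descriptor opened before the swap still lists the original directory. Flatpak's initial patches checked the path and then mounted by path, so the swap only had to land between those two steps; mounting through the descriptor leaves nothing to race.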
Attack Vector
The attack requires a malicious or compromised Flatpak application with the persistent permission enabled. The attack sequence proceeds as follows:
- A malicious Flatpak app is installed with --persist=subdir permission
- The application runs and has write access to ~/.var/app/$APPID/
- The attacker replaces the legitimate subdir directory with a symlink pointing to a sensitive location (e.g., ~/.ssh, ~/.gnupg, or the user's browser profile); the application runs with the user's privileges, so the target must be one the user can read or write
- On next application launch, Flatpak follows the symlink when creating the bind mount
- The targeted directory is now accessible within the sandbox with full read/write permissions
This attack is particularly dangerous because users may install seemingly legitimate applications that later reveal malicious behavior, or legitimate applications may be compromised to exploit this vulnerability.
Detection Methods for CVE-2024-42472
Indicators of Compromise
- Unexpected symbolic links within ~/.var/app/*/ directories pointing outside the application directory
- Flatpak applications with unexplained access to sensitive user files such as SSH keys, GPG keyrings, or browser data
- Suspicious file modifications in user home directories that correlate with Flatpak application launches
- Audit logs showing bind mount operations targeting unexpected filesystem locations
Detection Strategies
- Monitor for symlink creation within ~/.var/app/ directories using filesystem auditing tools like auditd
- Implement file integrity monitoring on sensitive directories to detect unauthorized access patterns
- Review installed Flatpak applications for those using the persistent permission with flatpak info --show-permissions
- Check Flatpak and bubblewrap versions against patched releases (Flatpak 1.14.10 or later on the stable branch, 1.15.10 or later on the development branch; bubblewrap 0.6.3 or 0.10.0 respectively when the system copy is used)
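The last three strategies can be scripted. The following audit helper is added here and is not part of Flatpak: it parses the persistent= line that flatpak info --show-permissions prints in the [Context] section, walks each persisted entry below ~/.var/app/$APPID testing every path component for a symlink (extending the advisory's single-directory case to intermediate components, since the bind mount's path resolution follows those as well), and classifies a Flatpak version string against the fixed upstream releases. Only audit_installed needs the flatpak CLI; the other functions work on constructed input. The metadata text and directory layout in the usage notes are constructed samples.

```shell
#!/bin/sh
# Added audit helper, not part of Flatpak: lists installed apps that declare
# persistent= directories, flags persisted paths under ~/.var/app/$APPID that
# have been replaced by symlinks (the trace a successful attack leaves on disk),
# and classifies a Flatpak version string against the fixed upstream releases.
set -eu

# Extract the persistent= entries from `flatpak info --show-permissions`
# output (the [Context] section of the app metadata), one entry per line.
persist_entries() {
    sed -n 's/^persistent=//p' | tr ';' '\n' | sed '/^$/d'
}

# Check each persisted entry below the per-app directory.  Every path
# component is tested, not just the leaf, because the bind mount's path
# resolution follows intermediate symlinks as well (an added generalisation
# of the advisory's single-directory case).  Prints one SYMLINK line per hit.
# Returns 1 if anything was flagged, 0 if all entries are plain paths.
check_app_persist() {
    appdir=$1; shift
    rc=0
    for entry in "$@"; do
        rel=
        old_ifs=$IFS
        IFS=/
        for comp in $entry; do
            IFS=$old_ifs
            [ -n "$comp" ] || continue
            rel=${rel:+$rel/}$comp
            p=$appdir/$rel
            if [ -L "$p" ]; then
                printf 'SYMLINK %s -> %s\n' "$p" "$(readlink "$p")"
                rc=1
                break
            fi
        done
        IFS=$old_ifs
    done
    return $rc
}

# Returns 0 when an upstream Flatpak version contains the fix: 1.14.10 or
# later on the stable branch, 1.15.10 or later on the development branch, and
# anything newer.  Distribution packages that backport the fix to 1.12.x or
# 1.10.x keep their old version string, so check the distribution advisory
# for those rather than trusting this function.
is_patched_version() {
    v=$1
    major=${v%%.*}; v=${v#"$major"}; v=${v#.}
    minor=${v%%.*}; minor=${minor%%[!0-9]*}; v=${v#"$minor"}; v=${v#.}
    patch=${v%%[!0-9]*}              # drops distro suffixes such as -1 or ~deb11u1
    [ -n "$patch" ] || patch=0
    if [ "$major" -gt 1 ]; then return 0; fi
    if [ "$major" -lt 1 ]; then return 1; fi
    if [ "$minor" -ge 16 ]; then return 0; fi
    if [ "$minor" -eq 15 ] && [ "$patch" -ge 10 ]; then return 0; fi
    if [ "$minor" -eq 14 ] && [ "$patch" -ge 10 ]; then return 0; fi
    return 1
}

# Walk every installed app (user and system installations).  Needs the
# flatpak CLI, so this part is only useful on a real host.
audit_installed() {
    command -v flatpak >/dev/null 2>&1 || { echo "flatpak CLI not found" >&2; return 2; }
    ver=$(flatpak --version | awk '{print $2}')
    if is_patched_version "$ver"; then echo "flatpak $ver: fixed upstream release"
    else echo "flatpak $ver: not a fixed upstream release (check distro backports)"; fi
    flatpak list --app --columns=application | while read -r app; do
        entries=$(flatpak info --show-permissions "$app" 2>/dev/null | persist_entries || true)
        [ -n "$entries" ] || continue
        printf '%s persists: %s\n' "$app" "$(printf '%s' "$entries" | tr '\n' ' ')"
        # entries are newline separated; word splitting on them is intended
        check_app_persist "$HOME/.var/app/$app" $entries \
            || printf '!! %s: persisted path replaced by a symlink\n' "$app"
    done
}

# Usage: sh flatpak-persist-audit.sh --run   (on a host with flatpak installed)
case ${1:-} in --run) audit_installed ;; esac
```

A SYMLINK line for any app is a strong indicator of compromise rather than a false positive: Flatpak itself creates persisted paths as plain directories, so a symlink there was put in place by something with write access to the per-app directory. The version check only classifies upstream numbering; on a Debian 11 or other LTS host that backports the fix, rely on the distribution's advisory.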
Monitoring Recommendations
- Deploy endpoint detection to alert on unusual bind mount activity or symlink manipulation within application data directories
- Enable audit logging for the ~/.var/app/ directory tree to capture filesystem modifications
- Monitor for multiple concurrent instances of the same Flatpak application, which may indicate race condition exploitation attempts
- Track Flatpak application launches in correlation with sensitive file access events
How to Mitigate CVE-2024-42472
Immediate Actions Required
- Update Flatpak to version 1.14.10 (stable branch) or 1.15.10 (development branch) immediately
- Update bubblewrap to version 0.6.3 (for Flatpak 1.14.x) or 0.10.0 (for Flatpak 1.15.x) if using system bubblewrap
- Audit installed Flatpak applications and remove any untrusted applications using the persistent permission
- Review application permissions using flatpak info --show-permissions <app-id> for all installed applications
Patch Information
Official patches are available through multiple commits addressing various aspects of the vulnerability:
- Flatpak Security Advisory GHSA-7hgv-f2j8-xw87 provides comprehensive details on the vulnerability and fixes
- Bubblewrap commit updates add the --bind-fd option required to close the race condition
- Flatpak commit updates implement the security fixes
For the stable 1.14.x branch, upgrade to Flatpak 1.14.10 which includes the bundled bubblewrap 0.6.3. For the development 1.15.x branch, upgrade to Flatpak 1.15.10 with bubblewrap 0.10.0. Note that the 1.12.x and 1.10.x branches will not receive updates—long-term support distributions should backport the individual changes.
The Debian LTS Announcement provides guidance for Debian-based systems.
Workarounds
- Avoid using or installing applications that utilize the persistent (--persist) permission until systems are patched
- Do not rely on flatpak override to revoke the permission: it has no documented option that removes a persist entry declared in the application's metadata, so an application that declares one should be uninstalled rather than overridden until the host is patched
- Consider using flatpak override to restrict permissions for untrusted applications
- If patching is not immediately possible, consider temporarily uninstalling applications known to use persistent directories
# Check Flatpak and bubblewrap versions and verify they are patched
flatpak --version    # want 1.14.10 or later (stable) or 1.15.10 or later (development)
bwrap --version      # want 0.6.3 with 1.14.x or 0.10.0 with 1.15.x when the system bubblewrap is used
# List all Flatpak applications and inspect their permissions
flatpak list --app --columns=name,application
flatpak info --show-permissions <app-id>    # a persistent= line in [Context] means the app uses --persist
# Remove an untrusted application that declares persistent directories
flatpak uninstall --user <app-id>
# Update Flatpak and bubblewrap on Debian/Ubuntu
sudo apt update && sudo apt install --only-upgrade flatpak bubblewrap
# Update Flatpak and bubblewrap on Fedora/RHEL
sudo dnf update flatpak bubblewrap
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


