{"id":"USN-7978-1","summary":"screen vulnerabilities","details":"It was discovered that GNU Screen incorrectly handled signals when setuid\nor setgid privileges were being used, which is not the default in Ubuntu.\nA local attacker could use this issue to send privileged signals, possibly\nleading to a denial of service. This issue only affected Ubuntu 22.04 LTS.\n(CVE-2023-24626)\n\nIt was discovered that GNU Screen incorrectly handled PTY permissions. A\nlocal attacker could possibly use this issue to connect to an unauthorized\nscreen session. (CVE-2025-46802)\n\nIt was discovered that GNU Screen incorrectly handled file access when\nsetuid privileges were being used, which is not the default in Ubuntu. A\nlocal attacker could use this issue to deduce information about certain\nfile paths. (CVE-2025-46804)\n\nIt was discovered that GNU Screen incorrectly handled signals when setuid\nprivileges were being used, which is not the default in Ubuntu. A local\nattacker could use this issue to send privileged signals, possibly leading\nto a denial of service. (CVE-2025-46805)","modified":"2026-04-27T18:34:31.604583Z","published":"2026-01-26T18:47:16Z","related":["UBUNTU-CVE-2023-24626","UBUNTU-CVE-2025-46802","UBUNTU-CVE-2025-46804","UBUNTU-CVE-2025-46805"],"upstream":["CVE-2023-24626","CVE-2025-46802","CVE-2025-46804","CVE-2025-46805","UBUNTU-CVE-2023-24626","UBUNTU-CVE-2025-46802","UBUNTU-CVE-2025-46804","UBUNTU-CVE-2025-46805"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7978-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-24626"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-46802"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-46804"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-46805"}],"affected":[{"package":{"name":"screen","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/screen@4.9.0-1ubuntu0.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.9.0-1ubuntu0.1"}]}],"versions":["4.8.0-6","4.8.0-6build1","4.8.0-7","4.9.0-1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"screen","binary_version":"4.9.0-1ubuntu0.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7978-1.json","cves_map":{"cves":[{"id":"CVE-2023-24626","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2025-46802","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N","type":"CVSS_V4"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2025-46804","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N","type":"CVSS_V4"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2025-46805","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N","type":"CVSS_V4"},{"score":"low","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:22.04:LTS"}}},{"package":{"name":"screen","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/screen@4.9.1-1ubuntu1?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.9.1-1ubuntu1"}]}],"versions":["4.9.0-4","4.9.1-1","4.9.1-1build1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"screen","binary_version":"4.9.1-1ubuntu1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7978-1.json","cves_map":{"cves":[{"id":"CVE-2025-46802","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N","type":"CVSS_V4"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2025-46804","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N","type":"CVSS_V4"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2025-46805","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N","type":"CVSS_V4"},{"score":"low","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:24.04:LTS"}}}],"schema_version":"1.7.5"}