Improper Mount Point Determination in Ubuntu Core Launcher
CVE-2016-1580
9.8CRITICAL
What is CVE-2016-1580?
The ubuntu-core-launcher package prior to version 1.0.27.1 contains a vulnerability in the setup_snappy_os_mounts function. This issue stems from the improper determination of bind mount points when using snap packages. An attacker could exploit this flaw by deploying a specially crafted snap named with a prefix of 'ubuntu-core.' Successful exploitation of this vulnerability could allow an unauthorized remote user to access sensitive information or even gain elevated privileges on affected systems.