Potential Privilege Escalation Vulnerability in snapd
CVE-2020-27352
9.3CRITICAL
Summary
A privilege escalation issue exists in Canonical's Docker Snap, primarily due to the failure of snapd to specify 'Delegate=yes' when generating systemd service units. This oversight can lead to processes managed by the container being improperly relocated to the main daemon's cgroup during system unit reloads. Consequently, this behavior could allow containers to gain additional privileges, potentially compromising intended security boundaries and exposing systems to risks. Users and administrators should evaluate the impacts of this vulnerability on their deployments and consider appropriate mitigations.
Affected Version(s)
snapd Linux 0 < 2.48.3
References
CVSS V3.1
Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Gilad Reti
Nimrod Stoler