Potential Privilege Escalation Vulnerability in snapd
CVE-2020-27352

9.3CRITICAL

Key Information:

Vendor
Canonical Ltd.
Status
Snapd
Vendor
CVE Published:
21 June 2024

Summary

A privilege escalation issue exists in Canonical's Docker Snap, primarily due to the failure of snapd to specify 'Delegate=yes' when generating systemd service units. This oversight can lead to processes managed by the container being improperly relocated to the main daemon's cgroup during system unit reloads. Consequently, this behavior could allow containers to gain additional privileges, potentially compromising intended security boundaries and exposing systems to risks. Users and administrators should evaluate the impacts of this vulnerability on their deployments and consider appropriate mitigations.

Affected Version(s)

snapd Linux 0 < 2.48.3

References

https://bugs.launchpad.net/snapd/+bug/1910456
issue-tracking
https://ubuntu.com/security/notices/USN-4728-1
vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2020-27352
issue-tracking

CVSS V3.1

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Gilad Reti
Nimrod Stoler
.
CVE-2020-27352 : Potential Privilege Escalation Vulnerability in snapd | SecurityVulnerability.io