Potential Privilege Escalation Vulnerability in snapd
CVE-2020-27352
9.3 CRITICAL
What is CVE-2020-27352?
A privilege escalation issue exists in Canonical's Docker Snap, primarily due to the failure of snapd to specify 'Delegate=yes' when generating systemd service units. This oversight can lead to processes managed by the container being improperly relocated to the main daemon's cgroup during system unit reloads. Consequently, this behavior could allow containers to gain additional privileges, potentially compromising intended security boundaries and exposing systems to risks. Users and administrators should evaluate the impacts of this vulnerability on their deployments and consider appropriate mitigations.
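A defensive check for the condition described above, added here as an example and not taken from the advisory or from snapd: it parses systemd service unit text and reports units whose [Service] section does not turn Delegate= on. The unit names and contents in SAMPLE_UNITS are constructed, and the function names are hypothetical.

```python
"""Flag systemd service units that do not enable cgroup delegation."""
import sys
from pathlib import Path

# systemd boolean spellings that turn a setting off.
FALSE_VALUES = {"0", "no", "false", "off"}


def delegate_enabled(unit_text: str) -> bool:
    """Return True if the [Service] section ends up with Delegate= turned on."""
    section = None
    enabled = False  # systemd leaves delegation off when Delegate= is absent
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Service" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip() == "Delegate":
            # Delegate= takes a boolean or a controller list; only a false
            # boolean turns it off. A later assignment overrides an earlier one.
            enabled = value.strip().lower() not in FALSE_VALUES
    return enabled


def units_missing_delegate(units: dict) -> list:
    """Names of units (name -> file text) that leave delegation off."""
    return sorted(n for n, text in units.items() if not delegate_enabled(text))


# Constructed sample units, not copied from a real system.
SAMPLE_UNITS = {
    "snap.example.daemon.service": "[Unit]\nDescription=constructed\n[Service]\nExecStart=/bin/true\n",
    "snap.example.fixed.service": "[Service]\nExecStart=/bin/true\nDelegate=yes\n",
    "snap.example.off.service": "[Service]\n# Delegate=yes\nDelegate=no\n",
}

if __name__ == "__main__":
    # Pass unit file paths as arguments, or run with none to use the samples.
    units = {p: Path(p).read_text() for p in sys.argv[1:]} or SAMPLE_UNITS
    for name in units_missing_delegate(units):
        print(f"Delegate not enabled: {name}")
```

Drop-in overrides are not merged by this check; `systemctl show -p Delegate <unit>` reports the value systemd actually loaded.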
Affected Version(s)
snapd (Linux): versions from 0 up to, but not including, 2.48.3