snapd could be made to escalate privileges and run programs as administrator
CVE-2021-44730

7.8HIGH

Key Information:

Vendor
Canonical Ltd.
Status
Snapd
Vendor
CVE Published:
17 February 2022

Summary

snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1

Affected Version(s)

snapd <= 2.54.2

References

https://ubuntu.com/security/notices/USN-5292-1
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2022/02/18/2
mailing-listx_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Qualys Research Team
.