snapd could be made to escalate privileges and run programs as administrator
CVE-2021-44731

7.8HIGH

Key Information:

Vendor: Canonical Ltd.
Status: Snapd
Vendor: CVE Published:; 17 February 2022

Badges

👾 Exploit Exists

Summary

A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1

Affected Version(s)

snapd <= 2.54.2

References

https://ubuntu.com/security/notices/USN-5292-1

http://www.openwall.com/lists/oss-security/2022/02/18/2

mailing-list

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

🟡
Public PoC available
Jul 9, 2023
👾
Exploit known to exist
Jul 9, 2023
Vulnerability published
Feb 17, 2022
Vulnerability Reserved
Dec 8, 2021

Credit

Qualys Research Team