snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation
Reporter | Title | Published | Views | Family All 36 |
---|---|---|---|---|
Prion | Privilege escalation | 17 Feb 202223:15 | – | prion |
UbuntuCve | CVE-2021-44730 | 17 Feb 202200:00 | – | ubuntucve |
Debian CVE | CVE-2021-44730 | 17 Feb 202223:15 | – | debiancve |
CNVD | Unspecified vulnerability in snapd | 18 Feb 202200:00 | – | cnvd |
OSV | CVE-2021-44730 | 17 Feb 202223:15 | – | osv |
OSV | snapd - security update | 18 Feb 202200:00 | – | osv |
OSV | snapd vulnerabilities | 18 Feb 202201:07 | – | osv |
OSV | snapd vulnerabilities | 18 Feb 202202:21 | – | osv |
OSV | snapd regression | 24 Feb 202213:23 | – | osv |
OSV | snapd vulnerabilities | 17 Feb 202217:24 | – | osv |
[
{
"product": "snapd",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThanOrEqual": "2.54.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo