CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
15.6%
Gilad Reti and Nimrod Stoler discovered that snapd did not correctly specify cgroup
delegation when generating systemd service units for various container
management snaps. This could allow a local attacker to escalate privileges
via access to arbitrary devices of the container host from within a
compromised or malicious container.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 20.10 | noarch | snapd | < 2.48.3+20.10 | UNKNOWN |
Ubuntu | 20.10 | noarch | golang-github-snapcore-snapd-dev | < 2.48.3+20.10 | UNKNOWN |
Ubuntu | 20.10 | noarch | golang-github-ubuntu-core-snappy-dev | < 2.48.3+20.10 | UNKNOWN |
Ubuntu | 20.10 | noarch | snap-confine | < 2.48.3+20.10 | UNKNOWN |
Ubuntu | 20.10 | noarch | snapd-dbgsym | < 2.48.3+20.10 | UNKNOWN |
Ubuntu | 20.10 | noarch | snapd-xdg-open | < 2.48.3+20.10 | UNKNOWN |
Ubuntu | 20.10 | noarch | ubuntu-core-launcher | < 2.48.3+20.10 | UNKNOWN |
Ubuntu | 20.10 | noarch | ubuntu-core-snapd-units | < 2.48.3+20.10 | UNKNOWN |
Ubuntu | 20.10 | noarch | ubuntu-snappy | < 2.48.3+20.10 | UNKNOWN |
Ubuntu | 20.10 | noarch | ubuntu-snappy-cli | < 2.48.3+20.10 | UNKNOWN |