snapd 竞争条件问题漏洞

snapd is an open source, cross-platform package management tool. snapd suffers from a compete condition issue vulnerability that stems from a compete condition occurring in the snapd snap- restrict binary when it prepares a private /tmp mount causing a local attacker to potentially elevate...

CVE-2019-13226

deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/ in the Helper::temporaryMountDevice function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted in an arbitrary location. By winning a...