CVE-2022-3328

Race condition in snap-confine's must_mkdir_and_open_with_perms()

CVE-2020-27352

When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading syst...

CVE-2024-5138

The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of t...

CVE-2024-1724

In snapd versions prior to 2.62, when using AppArmor for enforcement ofsandbox permissions, snapd failed to restrict writes to the $HOME/binpath. In Ubuntu, when this path exists, it is automatically added tothe users PATH. An attacker who could convince a user to install amalicious snap which used...

CVE-2024-29068

In snapd versions prior to 2.62, snapd failed to properly check the filetype when extracting a snap. The snap format is a squashfs file-systemimage and so can contain files that are non-regular files (such as pipesor sockets etc). Various file entries within the snap squashfs image(such as icons et...

CVE-2024-29069

In snapd versions prior to 2.62, snapd failed to properly check thedestination of symbolic links when extracting a snap. The snap formatis a squashfs file-system image and so can contain symbolic links andother file types. Various file entries within the snap squashfs image(such as icons and deskto...