CVE-2024-29068

2024-03-1400:00:00

ubuntu.com

snapd

2.62

vulnerability

snap extraction

squashfs

file-system

denial of service

malicious snap

non-regular files

CVSS3

5.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H

AI Score

6.8

Confidence

High

JSON

In snapd versions prior to 2.62, snapd failed to properly check the file
type when extracting a snap. The snap format is a squashfs file-system
image and so can contain files that are non-regular files (such as pipes or
sockets etc). Various file entries within the snap squashfs image (such as
icons etc) are directly read by snapd when it is extracted. An attacker who
could convince a user to install a malicious snap which contained
non-regular files at these paths could then cause snapd to block
indefinitely trying to read from such files and cause a denial of service.

Notes

Author	Note
sarnold	CWE-20 CAPEC-586

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchsnapd< anyUNKNOWN
ubuntu20.04noarchsnapd< anyUNKNOWN
ubuntu22.04noarchsnapd< anyUNKNOWN
ubuntu24.04noarchsnapd< 2.62+24.04build1UNKNOWN
ubuntu16.04noarchsnapd< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	snapd	< any	UNKNOWN
ubuntu	20.04	noarch	snapd	< any	UNKNOWN
ubuntu	22.04	noarch	snapd	< any	UNKNOWN
ubuntu	24.04	noarch	snapd	< 2.62+24.04build1	UNKNOWN
ubuntu	16.04	noarch	snapd	< any	UNKNOWN