CVE-2024-29069

2024-03-1400:00:00

ubuntu.com

snapd

symbolic links

vulnerability

snap extraction

unprivileged users

privileged information

CVSS3

4.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

AI Score

5.2

Confidence

High

JSON

In snapd versions prior to 2.62, snapd failed to properly check the
destination of symbolic links when extracting a snap. The snap format is a
squashfs file-system image and so can contain symbolic links and other file
types. Various file entries within the snap squashfs image (such as icons
and desktop files etc) are directly read by snapd when it is extracted. An
attacker who could convince a user to install a malicious snap which
contained symbolic links at these paths could then cause snapd to write out
the contents of the symbolic link destination into a world-readable
directory. This in-turn could allow an unprivileged user to gain access to
privileged information.

Notes

Author	Note
sarnold	CWE-610 CAPEC-132

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchsnapd< anyUNKNOWN
ubuntu20.04noarchsnapd< anyUNKNOWN
ubuntu22.04noarchsnapd< anyUNKNOWN
ubuntu24.04noarchsnapd< 2.62+24.04build1UNKNOWN
ubuntu16.04noarchsnapd< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	snapd	< any	UNKNOWN
ubuntu	20.04	noarch	snapd	< any	UNKNOWN
ubuntu	22.04	noarch	snapd	< any	UNKNOWN
ubuntu	24.04	noarch	snapd	< 2.62+24.04build1	UNKNOWN
ubuntu	16.04	noarch	snapd	< any	UNKNOWN