8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
github.com/snapcore/snapd is vulnerable to privilege escalation. The sc_open_snapd_tool
function of tool.c
does not properly validate the location of the snap-confine binary, allowing an attacker to hardlink setuid
binaries to another location when fs.protected_hardlinks
is 0.
www.openwall.com/lists/oss-security/2022/02/18/2
www.openwall.com/lists/oss-security/2022/02/23/1
github.com/snapcore/snapd/commit/54e71e7750f73a28f5a47fe04dd058360e24c0e9
lists.fedoraproject.org/archives/list/[email protected]/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/
lists.fedoraproject.org/archives/list/[email protected]/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/
ubuntu.com/security/notices/USN-5292-1
www.debian.org/security/2022/dsa-5080
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C