The setup_snappy_os_mounts function in the ubuntu-core-launcher package prior to 1.0.27.1 improperly determines the mount point of bind mounts when using snaps, which might allow remote malicious users to obtain sensitive information or gain privileges via a snap with a name starting with "ubuntu-core."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
canonical ubuntu-core-launcher 1.0.27 |