CVSSv3: 7.8

CVE-2021-44731

Published: 17/02/2022 Updated: 07/11/2023
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 7.8 | Impact Score: 6 | Exploitability Score: 1.1
VMScore: 614
CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local malicious user to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code, thereby escalating privileges. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1.

Vulnerable Products

canonical snapd

canonical ubuntu linux 18.04

canonical ubuntu linux 20.04

canonical ubuntu linux 21.10

fedoraproject fedora 34

fedoraproject fedora 35

debian debian linux 10.0

debian debian linux 11.0

Vendor Advisories

Multiple vulnerabilities were discovered in snapd, a daemon and tooling that enable Snap packages, which could result in bypass of access restrictions or privilege escalation. For the oldstable distribution (buster), these problems have been fixed in version 2.37.4-1+deb10u1. For the stable distribution (bullseye), these problems have been fixed in ...
USN-5292-1 introduced a regression in snapd ...
Several security issues were fixed in snapd ...
Several security issues were fixed in snapd ...
Several security issues were fixed in snapd ...

Exploits

Qualys discovered a race condition (CVE-2022-3328) in snap-confine, a SUID-root program installed by default on Ubuntu. In this advisory, they tell the story of this vulnerability (which was introduced in February 2022 by the patch for CVE-2021-44731) and detail how they exploited it in Ubuntu Server (a local privilege escalation, from any user to r ...

Mailing Lists

oss-sec mailing list archives: CVE-2021-44731: Race condition in snap-confine's setup_private_mount() ...
oss-sec mailing list archives: Re: CVE-2021-44731: Race condition in snap-confine's setup_private_mount() ...
oss-sec mailing list archives: Re: CVE-2021-44731: Race condition in snap-confine's setup_private_mount() ...

Github Repositories

Local Privilege Escalation Exploit for CVE-2021-44731

CVE-2021-44731-snap-confine-SUID: Local Privilege Escalation Exploit for CVE-2021-44731, snap-confine 2.54.2 and lower. All credit to Qualys for finding this and providing a detailed exploit: www.qualys.com/2022/02/17/cve-2021-44731/oh-snap-more-lemmings.txt. Quick and Dirty snap-confine LPE. Will search for vulnerable version of snap-confine, if found will then exploit R