A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local malicious user to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
canonical snapd |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 20.04 |
||
canonical ubuntu linux 21.10 |
||
fedoraproject fedora 34 |
||
fedoraproject fedora 35 |
||
debian debian linux 10.0 |
||
debian debian linux 11.0 |