Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Snapd
(Canonical)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 14 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-01-08 | CVE-2022-3328 | Race condition in snap-confine's must_mkdir_and_open_with_perms() | Snapd, Ubuntu_linux | 7.0 | ||
| 2022-02-17 | CVE-2021-3155 | snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1 | Snapd, Ubuntu_linux | 5.5 | ||
| 2022-02-17 | CVE-2021-44730 | snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1 | Snapd, Ubuntu_linux, Debian_linux, Fedora | 8.8 | ||
| 2022-02-17 | CVE-2021-44731 | A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1 | Snapd, Ubuntu_linux, Debian_linux, Fedora | 7.8 |