First published: Thu Feb 17 2022(Updated: )
snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
Credit: security@ubuntu.com security@ubuntu.com
Affected Software | Affected Version | How to fix |
---|---|---|
Canonical snapd | <=2.54.2 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =20.04 | |
Canonical Ubuntu Linux | =21.10 | |
Fedoraproject Fedora | =34 | |
Fedoraproject Fedora | =35 | |
debian/snapd | <=2.37.4-1+deb10u1<=2.37.4-1+deb10u3 | 2.49-1+deb11u2 2.57.6-1 2.61.2-2 |
ubuntu/snapd | <2.54.3+18.04 | 2.54.3+18.04 |
ubuntu/snapd | <2.54.3+20.04 | 2.54.3+20.04 |
ubuntu/snapd | <2.54.3+21.10.1 | 2.54.3+21.10.1 |
ubuntu/snapd | <2.54.3+14.04~ | 2.54.3+14.04~ |
ubuntu/snapd | <2.54.3 | 2.54.3 |
ubuntu/snapd | <2.54.3+16.04~ | 2.54.3+16.04~ |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-4120 is a vulnerability in snapd 2.54.2 that allows snaps to inject arbitrary AppArmor policy rules and escape strict snap confinement.
CVE-2021-4120 has a severity rating of 7.8 (high).
Version 2.54.2 of snapd is affected.
To fix CVE-2021-4120, update snapd to version 2.54.3 or higher.
You can find more information about CVE-2021-4120 at the following references: [Link 1](http://www.openwall.com/lists/oss-security/2022/02/18/2), [Link 2](https://bugs.launchpad.net/snapd/+bug/1949368), [Link 3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/).