First published: Thu Feb 17 2022(Updated: )
A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
Credit: security@ubuntu.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/snapd | 2.49-1+deb11u2 2.57.6-1 2.67-1 | |
Snapcraft Snapd | <=2.54.2 | |
Ubuntu | =18.04 | |
Ubuntu | =20.04 | |
Ubuntu | =21.10 | |
Red Hat Fedora | =34 | |
Red Hat Fedora | =35 | |
Debian Linux | =10.0 | |
Debian Linux | =11.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-44731 is a vulnerability that existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap, allowing a local attacker to gain root privileges.
CVE-2021-44731 has a severity score of 7.8 (high).
The affected software versions include snapd 2.37.4-1+deb10u1, 2.37.4-1+deb10u3, 2.49-1+deb11u2, 2.57.6-1, and 2.60.2-1 on Debian, as well as snapd 2.54.3+18.04 on Ubuntu 18.04 LTS, snapd 2.54.3+20.04 on Ubuntu 20.04 LTS, snapd 2.54.3+21.10.1 on Ubuntu 21.10, and snapd 2.54.3 (upstream version) on Ubuntu (all versions).
To fix CVE-2021-44731, update snapd to version 2.54.3+18.04 on Ubuntu 18.04 LTS, 2.54.3+20.04 on Ubuntu 20.04 LTS, 2.54.3+21.10.1 on Ubuntu 21.10, or 2.54.3 (upstream version) on Ubuntu (all versions). For Debian, update to snapd versions 2.37.4-1+deb10u1, 2.37.4-1+deb10u3, 2.49-1+deb11u2, 2.57.6-1, or 2.60.2-1.
You can find more information about CVE-2021-44731 at the following references: [1] http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html [2] http://seclists.org/fulldisclosure/2022/Dec/4 [3] http://www.openwall.com/lists/oss-security/2022/02/18/2