Latest canonical snapd Vulnerabilities

CVE-2023-1523
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap...
Canonical snapd<2.59.5
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
Canonical Ubuntu Linux=22.04
Canonical Ubuntu Linux=22.10
and 9 more
CVE-2022-3328
Race condition in snap-confine's must_mkdir_and_open_with_perms()
Canonical snapd<2.61.1
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
Canonical Ubuntu Linux=22.04
Canonical Ubuntu Linux=22.10
and 8 more
CVE-2021-44731
A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their o...
Canonical snapd<=2.54.2
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
Canonical Ubuntu Linux=21.10
Fedoraproject Fedora=34
Fedoraproject Fedora=35
and 9 more
CVE-2021-44730
snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binar...
Canonical snapd<=2.54.2
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
Canonical Ubuntu Linux=21.10
Fedoraproject Fedora=34
Fedoraproject Fedora=35
and 9 more
CVE-2021-4120
snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content inter...
Canonical snapd<=2.54.2
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
Canonical Ubuntu Linux=21.10
Fedoraproject Fedora=34
Fedoraproject Fedora=35
and 7 more
CVE-2021-3155
snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been priv...
Canonical snapd<2.54.3
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
Canonical Ubuntu Linux=21.10
ubuntu/snapd<2.54.3+14.04~
ubuntu/snapd<2.54.3+21.10.1
and 5 more
CVE-2020-11933
cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-da...
Canonical snapd<2.45.2
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.10
Canonical Ubuntu Linux=20.04
CVE-2019-11502
snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. Consequently, that user had unintended access to a private /tmp dire...
Canonical snapd<2.38
CVE-2019-11503
snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir() to the current working directory of the calling user, aka a "cwd restore permission bypass...
Canonical snapd<2.39
CVE-2019-7304
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37....
Canonical snapd<2.37.1
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=18.10
CVE-2019-7303
A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to mat...
Canonical snapd<2.37.4
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=18.10

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203