Vulnerability Name:

CVE-2021-44730 (CCN-219890)

Assigned: 2021-12-08
Published: 2022-02-17
Updated: 2022-02-28
Summary: snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location can cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1.
CVSS v3 Severity: 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
6.0 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-59
Vulnerability Consequences: Gain Privileges
References:
Source: MITRE
Type: CNA
CVE-2021-44730

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20220218 CVE-2021-4120: Insufficient validation of snap content interface and layout paths

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20220223 Re: CVE-2021-44731: Race condition in snap-confine's setup_private_mount()

Source: XF
Type: UNKNOWN
snapcore-cve202144730-priv-esc(219890)

Source: CCN
Type: snapd GIT Repository
snapd

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-82bea71e5a

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-5df8b52ba4

Source: CCN
Type: oss-sec Mailing List, Thu, 17 Feb 2022 19:47:43 +0000
CVE-2021-44731: Race condition in snap-confine's setup_private_mount()

Source: CCN
Type: USN-5292-1
snapd vulnerabilities

Source: MISC
Type: Patch, Vendor Advisory
https://ubuntu.com/security/notices/USN-5292-1

Source: DEBIAN
Type: Issue Tracking, Third Party Advisory
DSA-5080

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:canonical:snapd:*:*:*:*:*:*:*:* (Version <= 2.54.2)

Configuration 2:
  • cpe:/o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 4:
  • cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:11.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    canonical snapd *
    canonical ubuntu linux 18.04
    canonical ubuntu linux 20.04
    canonical ubuntu linux 21.10
    fedoraproject fedora 34
    fedoraproject fedora 35
    debian debian linux 10.0
    debian debian linux 11.0