CVE-2021-4120
Description
snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.088
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Daemon and tooling that enable snap packages (USN-5292-1) snapd_2.54.3+18.04_i386.deb | Linux |
| Daemon and tooling that enable snap packages (USN-5292-1) snapd_2.54.3+18.04_amd64.deb | Linux |
| Daemon and tooling that enable snap packages (USN-5292-1) snapd_2.54.3+21.10.1_amd64.deb | Linux |
| Daemon and tooling that enable snap packages (USN-5292-1) snap-confine_2.54.3+18.04_i386.deb | Linux |
| Daemon and tooling that enable snap packages (USN-5292-1) snap-confine_2.54.3+18.04_amd64.deb | Linux |
| Daemon and tooling that enable snap packages (USN-5292-1) snap-confine_2.54.3+21.10.1_amd64.deb | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234