CVE-2021-44731

CWE-362Race Condition12 documents7 sources
Severity
7.8HIGH
EPSS
1.3%
top 20.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Canonical Ltd. SnapdCanonical SnapdCanonical Ubuntu Linux+2 more
Timeline
PublishedFeb 17
Latest updateFeb 19

Description

A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 1.1 | Impact: 6.0

Affected Packages3 packages

Debiansnapd< 2.49-1+deb11u1+3
NVDcanonical/snapd2.54.2
CVEListV5canonical_ltd./snapdunspecified2.54.2

Also affects: Debian Linux 10.0, 11.0, Fedora 34, 35, Ubuntu Linux 18.04, 20.04, 21.10

Patches

Patch: ubuntu.comPatch: ubuntu.com

🔴Vulnerability Details

3
GHSA
GHSA-m3j9-xfh2-hrgc: A race condition existed in the snapd 22022-02-19
CVEList
snapd could be made to escalate privileges and run programs as administrator2022-02-17
OSV
CVE-2021-44731: A race condition existed in the snapd 22022-02-17

📋Vendor Advisories

4
Ubuntu
snapd vulnerabilities2022-02-18
Ubuntu
snapd vulnerabilities2022-02-18
Ubuntu
snapd vulnerabilities2022-02-17
Debian
CVE-2021-44731: snapd - A race condition existed in the snapd 2.54.2 snap-confine binary when preparing ...2021

🕵️Threat Intelligence

1
Qualys
Oh Snap! More Lemmings: Local Privilege Escalation Vulnerability Discovered in snap-confine (CVE-2021-44731) | Qualys2022-02-17
CVE-2021-44731 (HIGH CVSS 7.8) | A race condition existed in the sna | cvebase.io