CVE-2021-44731
published 2022-02-17

High 7.8 (CVSS 3.1)
AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1.

Affected

23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | snapd | <= 2.54.2 | |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| canonical_ltd | snapd | unspecified – 2.54.2 | |
| debian | debian_linux | | |
| debian | debian_linux | | |
| debian | snapd | < snapd 2.54.3-1 (bookworm) | snapd 2.54.3-1 (bookworm) |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| snapcraft | snapd | >= 0 < 2.49-1+deb11u1 | 2.49-1+deb11u1 |
| snapcraft | snapd | >= 0 < 2.54.3-1 | 2.54.3-1 |
| snapcraft | snapd | >= 0 < 2.54.3-1 | 2.54.3-1 |
| snapcraft | snapd | >= 0 < 2.54.3-1 | 2.54.3-1 |
| snapcraft | snapd | >= 0 < 2.54.3+18.04 | 2.54.3+18.04 |
| snapcraft | snapd | >= 0 < 2.54.3+18.04.2ubuntu0.2 | 2.54.3+18.04.2ubuntu0.2 |
| snapcraft | snapd | >= 0 < 2.54.3+20.04 | 2.54.3+20.04 |
| snapcraft | snapd | >= 0 < 2.54.3+20.04.1 | 2.54.3+20.04.1 |
| snapcraft | snapd | >= 0 < 2.54.3+20.04.1ubuntu0.2 | 2.54.3+20.04.1ubuntu0.2 |
| snapcraft | snapd | >= 0 < 2.54.3+14.04~esm1 | 2.54.3+14.04~esm1 |
| snapcraft | snapd | >= 0 < 2.54.3+14.04.0ubuntu0.1~esm3 | 2.54.3+14.04.0ubuntu0.1~esm3 |
| snapcraft | snapd | >= 0 < 2.54.3+16.04~esm2 | 2.54.3+16.04~esm2 |
| snapcraft | snapd | >= 0 < 2.54.3+16.04.0ubuntu0.1~esm4 | 2.54.3+16.04.0ubuntu0.1~esm4 |

CVSS provenance

nvd: v3.1, 7.8 HIGH, CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
osv: 7.8 HIGH