Several vulnerabilities have been found in Snap, which is developed by Canonical. The most serious of them, in snap-confine, can be used to escalate privileges to root.
Qualys experts described the problems and wrote that the most dangerous is CVE-2021-44731 (7.8 on the CVSS scale), which affects the snap-confine utility. snapd uses this utility to create the runtime environment for snap applications.
In their own security bulletin, the Red Hat developers describe this as a race condition in the snap-confine component that occurs when preparing a namespace for a snap.
Experts say that the vulnerability cannot be exploited remotely, but an attacker who logs in as an unprivileged user can exploit the bug to quickly gain superuser rights.
It is also reported that in addition to CVE-2021-44731, six other vulnerabilities were discovered:
- CVE-2021-3995 – Unauthorized unmount in util-linux's libmount;
- CVE-2021-3996 – Unauthorized unmount in util-linux's libmount;
- CVE-2021-3997 – Uncontrolled recursion in systemd's systemd-tmpfiles;
- CVE-2021-3998 – Unexpected return value from glibc's realpath();
- CVE-2021-3999 – Off-by-one buffer overflow and underflow in glibc's getcwd();
- CVE-2021-44730 – Hardlink attack in sc_open_snapd_tool().
The Ubuntu team was notified of the issues as early as October 27, 2021, and patches for them were submitted last week, on February 17, 2022.
As a reminder, we also reported that a vulnerability in Argo CD allows data to be stolen using Helm charts, and that a fresh Apache vulnerability may lead to remote code execution.