snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2022/02/18/2 | Exploit Mailing List Third Party Advisory |
https://bugs.launchpad.net/snapd/+bug/1949368 | Exploit Issue Tracking Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/ | |
https://ubuntu.com/security/notices/USN-5292-1 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 03:40
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2022-02-17 23:15
Updated : 2024-02-28 19:09
NVD link : CVE-2021-4120
Mitre link : CVE-2021-4120
CVE.ORG link : CVE-2021-4120
JSON object : View
Products Affected
canonical
- snapd
- ubuntu_linux
fedoraproject
- fedora
CWE
CWE-20
Improper Input Validation