anonhaven
Ad

CVE-2021-44731

HIGH CVSS 3.1: 7.8 EPSS 2.30%
Updated Nov 21, 2024
Fedoraproject
Parameter Value
CVSS 7.8 (HIGH)
Affected Versions before 2.54.2
Type CWE-362 (Race Condition)
Vendor Fedoraproject
Public PoC Yes

A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1

Attack Parameters

Attack Vector
Local
Requires local access
Attack Complexity
High
Difficult to exploit
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-362 Race Condition

Vulnerable Products 8

Configuration From (including) Up to (excluding)
Canonical Snapd
cpe:2.3:a:canonical:snapd:*:*:*:*:*:*:*:*
 <= 2.54.2
Canonical Ubuntu_Linux
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Canonical Ubuntu_Linux
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
Canonical Ubuntu_Linux
cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*
Fedoraproject Fedora
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
Fedoraproject Fedora
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
Debian Debian_Linux
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Debian Debian_Linux
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

References 10

http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_wi…
security@ubuntu.com
http://seclists.org/fulldisclosure/2022/Dec/4
security@ubuntu.com
http://www.openwall.com/lists/oss-security/2022/02/18/2
security@ubuntu.com
http://www.openwall.com/lists/oss-security/2022/02/23/1
security@ubuntu.com
http://www.openwall.com/lists/oss-security/2022/02/23/2
security@ubuntu.com
http://www.openwall.com/lists/oss-security/2022/11/30/2
security@ubuntu.com
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
security@ubuntu.com
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
security@ubuntu.com
https://ubuntu.com/security/notices/USN-5292-1
security@ubuntu.com
https://www.debian.org/security/2022/dsa-5080
security@ubuntu.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2024-4761

Fedoraproject

8.8

CVE-2023-5455

Fedoraproject

6.5

CVE-2023-5631

Roundcube

5.4

CVE-2023-4911

Canonical

7.8

CVE-2023-20867

Debian

3.9