Canonical Snapd
Recent Canonical Snapd Security Advisories
| Advisory | Title | Published |
|---|---|---|
| USN-5862-1 | USN-5862-1: Linux kernel (Qualcomm Snapdragon) vulnerabilities | February 9, 2023 |
| USN-5753-1 | USN-5753-1: snapd vulnerability | December 1, 2022 |
| USN-5292-4 | USN-5292-4: snapd regression | February 24, 2022 |
| USN-5292-3 | USN-5292-3: snapd vulnerabilities | February 18, 2022 |
| USN-5292-2 | USN-5292-2: snapd vulnerabilities | February 18, 2022 |
| USN-5292-1 | USN-5292-1: snapd vulnerabilities | February 17, 2022 |
By the Year
In 2023 there have been 0 vulnerabilities in Canonical Snapd . Last year Snapd had 4 security vulnerabilities published. Right now, Snapd is on track to have less security vulnerabilities in 2023 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 0 | 0.00 |
| 2022 | 4 | 7.48 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 6.80 |
| 2019 | 4 | 8.08 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Snapd vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Canonical Snapd Security Vulnerabilities
snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions
CVE-2021-3155
5.5 - Medium
- February 17, 2022
snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
Incorrect Default Permissions
A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap
CVE-2021-44731
7.8 - High
- February 17, 2022
A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
Race Condition
snapd 2.54.2 did not properly validate the location of the snap-confine binary
CVE-2021-44730
8.8 - High
- February 17, 2022
snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
insecure temporary file
snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules
CVE-2021-4120
7.8 - High
- February 17, 2022
snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
Improper Input Validation
cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data
CVE-2020-11933
6.8 - Medium
- July 29, 2020
cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security mechanisms such as full disk encryption. This issue did not affect traditional Ubuntu systems. Fixed in snapd version 2.45.2, revision 8539 and core version 2.45.2, revision 9659.
snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user
CVE-2019-11502
7.5 - High
- April 24, 2019
snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. Consequently, that user had unintended access to a private /tmp directory.
insecure temporary file
snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir() to the current working directory of the calling user
CVE-2019-11503
7.5 - High
- April 24, 2019
snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir() to the current working directory of the calling user, aka a "cwd restore permission bypass."
insecure temporary file
A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4
CVE-2019-7303
7.5 - High
- April 23, 2019
A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit platform; however, the Linux kernel only uses the lower 32 bits to determine which ioctl(2) commands to run. This issue affects: Canonical snapd versions prior to 2.37.4.
Permissions, Privileges, and Access Controls
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root
CVE-2019-7304
9.8 - Critical
- April 23, 2019
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
AuthZ
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Canonical Ubuntu Linux or by Canonical? Click the Watch button to subscribe.
