CVE-2021-44730

HIGH8.8EPSS 0.04%

snapd - security update

發布日:2022/2/17修改日:2026/4/28

描述

snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1

受影響套件(2)

Debian/snapdfrom 0, < 2.49-1+deb11u1
Debian/snapdfrom 0, < 2.37.4-1+deb10u1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2021-44730