#VU60743 Race condition in Snapd - CVE-2021-44731


| Updated: 2023-07-10

Vulnerability identifier: #VU60743

Vulnerability risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2021-44731

CWE-ID: CWE-362

Exploitation vector: Local

Exploit availability: Yes

Vulnerable software:
Snapd
Universal components / Libraries / Software for developers

Vendor: snapcore

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in the snap-confine binary when preparing a private mount namespace for a snap.. A local user can  bind-mount their own contents inside the snap's private mount namespace and execute arbitrary code with root privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Snapd: 2.0 - 2.54.2

External links
https://github.com/snapcore/snapd/releases/tag/2.54.3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


Latest bulletins with this vulnerability


Ubuntu update for snapd
Debian update for snapd
Multiple vulnerabilities in snapd
Ubuntu update for snapd
Ubuntu update for snapd
Fedora EPEL 8 update for snapd
Fedora EPEL 9 update for snapd
Fedora EPEL 7 update for snapd
Fedora 35 update for snapd
Fedora 34 update for snapd