VYPR
Unrated severityNVD Advisory· Published Feb 17, 2022· Updated Aug 3, 2024

snapd could be made to bypass intended access restrictions through snap content interfaces and layout paths

CVE-2021-4120

Description

snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Snapcore/Snapdllm-fuzzy
    Range: < 2.54.3+18.04, < 2.54.3+20.04, < 2.54.3+21.10.1
  • Canonical Ltd./snapdv5
    Range: unspecified

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.