VYPR
Unrated severityNVD Advisory· Published Feb 17, 2022· Updated Aug 4, 2024

snapd could be made to escalate privileges and run programs as administrator

CVE-2021-44730

Description

snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Snapcore/Snapdllm-fuzzy
    Range: = 2.54.2
  • Canonical Ltd./snapdv5
    Range: unspecified

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.