CVE-2016-1580

CRITICAL

Ubuntu Core-Launcher <1.0.27.1 - Info Disclosure

Title source: llm
STIX 2.1

Description

The setup_snappy_os_mounts function in the ubuntu-core-launcher package before 1.0.27.1 improperly determines the mount point of bind mounts when using snaps, which might allow remote attackers to obtain sensitive information or gain privileges via a snap with a name starting with "ubuntu-core."

References (2)

Core 2
Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2956-1

Scores

CVSS v3 9.8
EPSS 0.0348
EPSS Percentile 87.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-264
Status published
Products (1)
canonical/ubuntu-core-launcher 1.0.27
Published May 13, 2016
Tracked Since Feb 18, 2026