Description
The setup_snappy_os_mounts function in the ubuntu-core-launcher package before 1.0.27.1 improperly determines the mount point of bind mounts when using snaps, which might allow remote attackers to obtain sensitive information or gain privileges via a snap with a name starting with "ubuntu-core."
References (2)
Core 2
Core References
Issue Tracking x_refsource_confirm
https://bugs.launchpad.net/ubuntu/+source/ubuntu-core-launcher/+bug/1576699
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2956-1
Scores
CVSS v3
9.8
EPSS
0.0348
EPSS Percentile
87.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-264
Status
published
Products (1)
canonical/ubuntu-core-launcher
1.0.27
Published
May 13, 2016
Tracked Since
Feb 18, 2026