CVE-2021-3155

LOW

snapd < 2.54.3 - Unprotected User Data Exposure via Home Directory Permissions

Title source: llm

Description

snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1

References (3)

Core 3

Core References

Patch, Vendor Advisory x_refsource_misc

https://ubuntu.com/security/notices/USN-5292-1

Patch, Third Party Advisory x_refsource_misc

https://github.com/snapcore/snapd/commit/6bcaeeccd16ed8298a301dd92f6907f88c24cc85

View Patch ZIP pw:eip

Patch, Third Party Advisory x_refsource_misc

https://github.com/snapcore/snapd/commit/7d2a966620002149891446a53cf114804808dcca

View Patch ZIP pw:eip

Scores

CVSS v3 3.8

EPSS 0.0003

EPSS Percentile 8.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Details

CWE

CWE-276

Status published

Products (4)

canonical/snapd < 2.54.3

canonical/ubuntu_linux 18.04

canonical/ubuntu_linux 20.04

canonical/ubuntu_linux 21.10

Published Feb 17, 2022

Tracked Since Feb 18, 2026