CVE-2021-44730

HIGH

snapd < 2.54.3 - Privilege Escalation via Hardlink Attack on snap-confine Binary

Title source: llm

Description

snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1

References (6)

Core 6

Core References

Patch, Vendor Advisory x_refsource_misc

https://ubuntu.com/security/notices/USN-5292-1

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2022/02/18/2

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/

Issue Tracking, Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2022/dsa-5080

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2022/02/23/1

Scores

CVSS v3 7.8

EPSS 0.0004

EPSS Percentile 11.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-59

Status published

Products (8)

canonical/snapd < 2.54.2

canonical/ubuntu_linux 18.04

canonical/ubuntu_linux 20.04

canonical/ubuntu_linux 21.10

debian/debian_linux 10.0

debian/debian_linux 11.0

fedoraproject/fedora 34

fedoraproject/fedora 35

Published Feb 17, 2022

Tracked Since Feb 18, 2026