{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-44731","assignerOrgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","assignerShortName":"canonical","dateUpdated":"2024-08-04T04:32:12.887Z","dateReserved":"2021-12-08T00:00:00.000Z","datePublished":"2022-02-17T00:00:00.000Z"},"containers":{"cna":{"title":"snapd could be made to escalate privileges and run programs as administrator","providerMetadata":{"orgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","shortName":"canonical","dateUpdated":"2022-12-09T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1"}],"affected":[{"vendor":"Canonical Ltd.","product":"snapd","versions":[{"version":"unspecified","lessThanOrEqual":"2.54.2","status":"affected","versionType":"custom"}]}],"references":[{"url":"https://ubuntu.com/security/notices/USN-5292-1"},{"name":"[oss-security] 20220218 CVE-2021-4120: Insufficient validation of snap content interface and layout paths","tags":["mailing-list"],"url":"http://www.openwall.com/lists/oss-security/2022/02/18/2"},{"name":"FEDORA-2022-82bea71e5a","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/"},{"name":"FEDORA-2022-5df8b52ba4","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/"},{"name":"DSA-5080","tags":["vendor-advisory"],"url":"https://www.debian.org/security/2022/dsa-5080"},{"name":"[oss-security] 20220223 Re: CVE-2021-44731: Race condition in snap-confine's setup_private_mount()","tags":["mailing-list"],"url":"http://www.openwall.com/lists/oss-security/2022/02/23/1"},{"name":"[oss-security] 20220223 Re: CVE-2021-44731: Race condition in snap-confine's setup_private_mount()","tags":["mailing-list"],"url":"http://www.openwall.com/lists/oss-security/2022/02/23/2"},{"name":"[oss-security] 20221130 Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)","tags":["mailing-list"],"url":"http://www.openwall.com/lists/oss-security/2022/11/30/2"},{"name":"20221208 Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)","tags":["mailing-list"],"url":"http://seclists.org/fulldisclosure/2022/Dec/4"},{"url":"http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html"}],"credits":[{"lang":"en","value":"Qualys Research Team"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)","cweId":"CWE-362"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"discovery":"EXTERNAL"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T04:32:12.887Z"},"title":"CVE Program Container","references":[{"url":"https://ubuntu.com/security/notices/USN-5292-1","tags":["x_transferred"]},{"name":"[oss-security] 20220218 CVE-2021-4120: Insufficient validation of snap content interface and layout paths","tags":["mailing-list","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2022/02/18/2"},{"name":"FEDORA-2022-82bea71e5a","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/"},{"name":"FEDORA-2022-5df8b52ba4","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/"},{"name":"DSA-5080","tags":["vendor-advisory","x_transferred"],"url":"https://www.debian.org/security/2022/dsa-5080"},{"name":"[oss-security] 20220223 Re: CVE-2021-44731: Race condition in snap-confine's setup_private_mount()","tags":["mailing-list","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2022/02/23/1"},{"name":"[oss-security] 20220223 Re: CVE-2021-44731: Race condition in snap-confine's setup_private_mount()","tags":["mailing-list","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2022/02/23/2"},{"name":"[oss-security] 20221130 Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)","tags":["mailing-list","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2022/11/30/2"},{"name":"20221208 Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)","tags":["mailing-list","x_transferred"],"url":"http://seclists.org/fulldisclosure/2022/Dec/4"},{"url":"http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html","tags":["x_transferred"]}]}]}}