Researchers at Qualys have found several vulnerabilities in snap-confine, part of Snap on the Linux operating system. According to the whitepaper Qualys published, one of them allows attackers to escalate privileges and gain root access. This issue is tracked as CVE-2021-44731 and has a CVSS score of 7.8. The flaw can only be exploited locally.
7 vulnerabilities in total
There are 6 more vulnerabilities related to Linux Snap features. CVE-2021-44730, which also allows local privilege escalation, has the same CVSS score as CVE-2021-44731: 7.8. The other flaws related to the Snap features are listed below:
- CVE-2021-3996: Unauthorized unmount in util-linux’s libmount
- CVE-2021-3995: Unauthorized unmount in util-linux’s libmount
- CVE-2021-3998: Unexpected return value from glibc’s realpath()
- CVE-2021-3999: Off-by-one buffer overflow/underflow in glibc’s getcwd()
- CVE-2021-3997: Uncontrolled recursion in systemd’s systemd-tmpfiles
Snap is a widely used system for packaging and distributing applications on the Linux operating system. Bharat Jogi, director of vulnerability and threat research at Qualys, has explained Snap:
"Snap is a software packaging and deployment system developed by Canonical for operating systems that use the Linux kernel. The packages, called snaps, and the tool for using them, snapd, work across a range of Linux distributions and allow upstream software developers to distribute their applications directly to users. Snaps are self-contained applications running in a sandbox with mediated access to the host system. Snap-confine is a program used internally by snapd to construct the execution environment for snap applications."
Currently, the vulnerabilities have no mitigations. Fortunately, they are only exploitable locally, which lowers the risk considerably.