Vulnerability Detail
Patch Link
https://ubuntu.com/security/notices/USN-5292-1
For a detailed advisory, download the pdf file here
A privilege escalation vulnerability has been identified in Canonical Snap software package manager that affects the Linux-based operating systems. Successful exploitation of this issue might allow an attacker to escalate privileges and gain root access to the affected system.
The issue being tracked as CVE-2021-44731 exists due to a race condition in the ‘snap-confine’ function, a program used internally by snapd to construct the execution environment for snap applications. A local attacker can use this flaw to gain root privileges by bind-mounting their own contents inside the snap’s private mount namespace and causing ‘snap-confine’ function to run arbitrary code.
To address this vulnerability, organizations should upgrade their snap (package manager) to versions 2.54.3+18.04, 2.54.3+20.04, and 2.54.3+21.10.1.
Potential MITRE ATT&CK TTPs are:
TA0004: Privilege Escalation
T1068- Exploitation for Privilege Escalation
Get through updates and upcoming events, and more directly in your inbox