CVE-2021-44731— snapd could be made to escalate privileges and run programs as administrator
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-44731
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
snapd could be made to escalate privileges and run programs as administrator
Source: NVD (National Vulnerability Database)
Vulnerability Description
A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用共享资源的并发执行不恰当同步问题(竞争条件)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Snapd 竞争条件问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Snapd是开源的一个跨平台的包管理工具。 snapd 2.54.2版本存在竞争条件问题漏洞,该漏洞源于当为snap准备私有挂载命名空间时,snap2.54.2 snap- restricted二进制文件中存在一个竞争条件。这可能允许本地攻击者可利用该漏洞通过在snap的私有挂载名称空间中绑定挂载自己的内容,从而获得根权限,并执行任意代码,从而获得权限升级。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Canonical Ltd. | snapd | unspecified ~ 2.54.2 | - |
II. Public POCs for CVE-2021-44731
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | Local Privilege Escalation Exploit for CVE-2021-44731 | https://github.com/deeexcee-io/CVE-2021-44731-snap-confine-SUID | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-44731
请登录查看更多情报信息。
- https://www.debian.org/security/2022/dsa-5080vendor-advisory
- http://seclists.org/fulldisclosure/2022/Dec/4mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2021-44731
Same Patch Batch · Canonical Ltd. · 2022-02-17 · 4 CVEs total
| CVE-2021-4120 | 8.2 HIGH | snapd could be made to bypass intended access restrictions through snap content interfaces |
| CVE-2021-44730 | 7.8 HIGH | snapd could be made to escalate privileges and run programs as administrator |
| CVE-2021-3155 | 3.8 LOW | snapd created ~/snap with too-wide permissions |
IV. Related Vulnerabilities
V. Comments for CVE-2021-44731
No comments yet