CVE-2020-11933

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-11933

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11933.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-11933

Related

USN-4424-1

Published

2020-07-29T17:15:12Z

Modified

2025-01-14T08:15:29.630918Z

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security mechanisms such as full disk encryption. This issue did not affect traditional Ubuntu systems. Fixed in snapd version 2.45.2, revision 8539 and core version 2.45.2, revision 9659.

References

Affected packages

Git / github.com/snapcore/snapd

Affected ranges

Type: GIT
Repo: https://github.com/snapcore/snapd
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0c15ed0ad6ea8dd4ab94a5f6ca312926be989ef5

Affected versions

0.*

0.1-0ubuntu1

0.2

0.2.10

0.2.11

0.2.12

0.2.13

0.2.3

0.2.4

0.2.8

0.2.9

1.*

1.0-0ubuntu1

1.0.1

1.0.1-0ubuntu1

1.0.10

1.0.11

1.0.12

1.0.13

1.0.14

1.0.15

1.0.16

1.0.17

1.0.2

1.0.20

1.0.21

1.0.22

1.0.23

1.0.24

1.0.25

1.0.25.1

1.0.26

1.0.27

1.0.28

1.0.29

1.0.3

1.0.30

1.0.31

1.0.32

1.0.33

1.0.34

1.0.35

1.0.36

1.0.37

1.0.38

1.0.39

1.0.4

1.0.40

1.0.41

1.0.42

1.0.42.1

1.0.43

1.0.44

1.0.5

1.0.6

1.0.8

1.0.9

1.1-0ubuntu1

1.1.1-0ubuntu1

1.1.2-0ubuntu1

1.2-0ubuntu1

1.3ubuntu1

1.4ubuntu1

1.5ubuntu1

1.6ubuntu1

1.7.2+20160113ubuntu1

1.7.2+20160204ubuntu1

1.7.2+20160223ubuntu1

1.7.2ubuntu1

1.7.3+20160225ubuntu1

1.7.3+20160303ubuntu1

1.7.3+20160303ubuntu2

1.7.3+20160303ubuntu3

1.7.3+20160303ubuntu4

1.7.3+20160308ubuntu1

1.7.3+20160310ubuntu1

1.7ubuntu1

1.9

1.9.1

1.9.2

1.9.3

1.9.4

2.*

2.0

2.0.10

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.8.1

2.0.9

2.11

2.12

2.13

2.14

2.14.1

2.14.2.16.04

2.15

2.15.1

2.15.2

2.17

2.17.1

2.18

2.18.1

2.19

2.20

2.20.1

2.21

2.22

2.22.1

2.22.2

2.22.3

2.22.4

2.22.5

2.22.6

2.22.7

2.23

2.23.1

2.24

2.25

2.26

2.26.1

2.26.10

2.26.13

2.26.14

2.26.2

2.26.3

2.26.4

2.26.5

2.26.6

2.26.8

2.26.9

2.27

2.27.1

2.27.2

2.27.3

2.27.4

2.27.5

2.27.6

2.28

2.28.1

2.28.2

2.28.3

2.28.4

2.28.5

2.29

2.29.1

2.29.2

2.29.3

2.29.3.1

2.29.4

2.29.4.1

2.30

2.31

2.31.1

2.31.2

2.32

2.32.1

2.32.2

2.32.3

2.32.3.2

2.32.4

2.32.5

2.32.6

2.32.7

2.32.8

2.32.9

2.33

2.33.1

2.34

2.34.1

2.34.2

2.34.3

2.35

2.35.1

2.35.2

2.35.4

2.35.5

2.36

2.36.1

2.36.2

2.36.3

2.37

2.37.1

2.37.2

2.37.3

2.37.4

2.38

2.38.1

2.39

2.39.1

2.39.2

2.39.3

2.40

2.41

2.41.pre1

2.42

2.42.1

2.42.2

2.42.3

2.42.4

2.42.5

2.43

2.43.1

2.43.2

2.43.3

2.44

2.44.1

2.44.2

2.44.3

2.45

2.45.1

Other

ppa

untagged-ec50ee5bfb45daefc236