USN-5292-3
- Source
- https://ubuntu.com/security/notices/USN-5292-3
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5292-3.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-5292-3
- Upstream
- Related
- Published
- 2022-02-18T02:21:20.350668Z
- Modified
- 2025-10-13T04:35:47Z
- Summary
- snapd vulnerabilities
- Details
-
USN-5292-1 fixed several vulnerabilities in snapd. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
James Troup discovered that snap did not properly manage the permissions for the snap directories. A local attacker could possibly use this issue to expose sensitive information. (CVE-2021-3155)
Ian Johnson discovered that snapd did not properly validate content interfaces and layout paths. A local attacker could possibly use this issue to inject arbitrary AppArmor policy rules, resulting in a bypass of intended access restrictions. (CVE-2021-4120)
The Qualys Research Team discovered that snapd did not properly validate the location of the snap-confine binary. A local attacker could possibly use this issue to execute other arbitrary binaries and escalate privileges. (CVE-2021-44730)
The Qualys Research Team discovered that a race condition existed in the snapd snap-confine binary when preparing a private mount namespace for a snap. A local attacker could possibly use this issue to escalate privileges and execute arbitrary code. (CVE-2021-44731)
- References
Affected packages
Ubuntu:Pro:14.04:LTS / snapd
Package
- Name
- snapd
- Purl
- pkg:deb/ubuntu/snapd@2.54.3+14.04~esm1?arch=source&distro=trusty/esm
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.54.3+14.04~esm1
Affected versions
2.*
2.21~14.04.2
2.22.2~14.04
2.22.3~14.04
2.22.6~14.04
2.23.1~14.04
2.24.1~14.04
2.25~14.04
2.26.10~14.04
2.27.5~14.04
2.28.5~14.04
2.29.4.2~14.04
2.32.3.2~14.04
2.32.9~14.04
2.33.1~14.04
2.34.2~14.04
2.34.2~14.04.1
2.37.4~14.04.1
2.38~14.04
Ecosystem specific
{
"binaries": [
{
"binary_name": "golang-github-snapcore-snapd-dev",
"binary_version": "2.54.3+14.04~esm1"
},
{
"binary_name": "golang-github-ubuntu-core-snappy-dev",
"binary_version": "2.54.3+14.04~esm1"
},
{
"binary_name": "snap-confine",
"binary_version": "2.54.3+14.04~esm1"
},
{
"binary_name": "snapd",
"binary_version": "2.54.3+14.04~esm1"
},
{
"binary_name": "snapd-xdg-open",
"binary_version": "2.54.3+14.04~esm1"
},
{
"binary_name": "ubuntu-core-launcher",
"binary_version": "2.54.3+14.04~esm1"
},
{
"binary_name": "ubuntu-core-snapd-units",
"binary_version": "2.54.3+14.04~esm1"
},
{
"binary_name": "ubuntu-snappy",
"binary_version": "2.54.3+14.04~esm1"
},
{
"binary_name": "ubuntu-snappy-cli",
"binary_version": "2.54.3+14.04~esm1"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"cves": [
{
"id": "CVE-2021-4120",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2021-44730",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "high"
}
]
},
{
"id": "CVE-2021-44731",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "high"
}
]
}
]
}
Ubuntu:Pro:16.04:LTS / snapd
Package
- Name
- snapd
- Purl
- pkg:deb/ubuntu/snapd@2.54.3+16.04~esm2?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.54.3+16.04~esm2
Affected versions
1.*
1.9
1.9.1.1
1.9.2
2.*
2.0
2.0.1
2.0.2
2.0.3
2.0.5
2.0.8
2.0.9
2.0.10
2.11+0.16.04
2.12+0.16.04
2.13
2.14.2~16.04
2.15.2ubuntu1
2.16ubuntu3
2.17.1ubuntu1
2.20.1ubuntu1
2.21
2.22.2
2.22.3
2.22.6
2.23.1
2.24.1
2.25
2.26.10
2.27.5
2.28.5
2.29.4.2
2.32.3.2
2.32.9
2.33.1ubuntu2
2.34.2
2.34.2ubuntu0.1
2.37.4
2.37.4ubuntu0.1
2.38
2.39.2
2.39.2ubuntu0.2
2.40
2.42.1
2.45.1
2.45.1ubuntu0.2
2.46.1
2.47.1
2.48
2.48.3
Ecosystem specific
{
"binaries": [
{
"binary_name": "golang-github-snapcore-snapd-dev",
"binary_version": "2.54.3+16.04~esm2"
},
{
"binary_name": "golang-github-ubuntu-core-snappy-dev",
"binary_version": "2.54.3+16.04~esm2"
},
{
"binary_name": "snap-confine",
"binary_version": "2.54.3+16.04~esm2"
},
{
"binary_name": "snapd",
"binary_version": "2.54.3+16.04~esm2"
},
{
"binary_name": "snapd-xdg-open",
"binary_version": "2.54.3+16.04~esm2"
},
{
"binary_name": "ubuntu-core-launcher",
"binary_version": "2.54.3+16.04~esm2"
},
{
"binary_name": "ubuntu-core-snapd-units",
"binary_version": "2.54.3+16.04~esm2"
},
{
"binary_name": "ubuntu-snappy",
"binary_version": "2.54.3+16.04~esm2"
},
{
"binary_name": "ubuntu-snappy-cli",
"binary_version": "2.54.3+16.04~esm2"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"cves": [
{
"id": "CVE-2021-3155",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2021-4120",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2021-44730",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "high"
}
]
},
{
"id": "CVE-2021-44731",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "high"
}
]
}
]
}