DEBIAN-CVE-2021-4120

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2021-4120

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2021-4120.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2021-4120

Upstream

CVE-2021-4120

Published

2022-02-17T23:15:07Z

Modified

2025-09-19T07:31:49.356402Z

Summary

[none]

Details

snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1

References

https://security-tracker.debian.org/tracker/CVE-2021-4120

Affected packages

Debian:11 / snapd

Package

Name: snapd
Purl: pkg:deb/debian/snapd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.49-1+deb11u1

Affected versions

2.*

2.49-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / snapd

Package

Name: snapd
Purl: pkg:deb/debian/snapd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.54.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / snapd

Package

Name: snapd
Purl: pkg:deb/debian/snapd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.54.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / snapd

Package

Name: snapd
Purl: pkg:deb/debian/snapd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.54.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}