snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
{ "ubuntu_priority": "high", "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "binary_name": "golang-github-snapcore-snapd-dev", "binary_version": "2.54.3+14.04~esm1" }, { "binary_name": "golang-github-ubuntu-core-snappy-dev", "binary_version": "2.54.3+14.04~esm1" }, { "binary_name": "snap-confine", "binary_version": "2.54.3+14.04~esm1" }, { "binary_name": "snapd", "binary_version": "2.54.3+14.04~esm1" }, { "binary_name": "snapd-dbgsym", "binary_version": "2.54.3+14.04~esm1" }, { "binary_name": "snapd-xdg-open", "binary_version": "2.54.3+14.04~esm1" }, { "binary_name": "ubuntu-core-launcher", "binary_version": "2.54.3+14.04~esm1" }, { "binary_name": "ubuntu-core-snapd-units", "binary_version": "2.54.3+14.04~esm1" }, { "binary_name": "ubuntu-snappy", "binary_version": "2.54.3+14.04~esm1" }, { "binary_name": "ubuntu-snappy-cli", "binary_version": "2.54.3+14.04~esm1" } ] }
{ "ubuntu_priority": "high", "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "binary_name": "golang-github-snapcore-snapd-dev", "binary_version": "2.54.3+16.04~esm2" }, { "binary_name": "golang-github-ubuntu-core-snappy-dev", "binary_version": "2.54.3+16.04~esm2" }, { "binary_name": "snap-confine", "binary_version": "2.54.3+16.04~esm2" }, { "binary_name": "snapd", "binary_version": "2.54.3+16.04~esm2" }, { "binary_name": "snapd-dbgsym", "binary_version": "2.54.3+16.04~esm2" }, { "binary_name": "snapd-xdg-open", "binary_version": "2.54.3+16.04~esm2" }, { "binary_name": "ubuntu-core-launcher", "binary_version": "2.54.3+16.04~esm2" }, { "binary_name": "ubuntu-core-snapd-units", "binary_version": "2.54.3+16.04~esm2" }, { "binary_name": "ubuntu-snappy", "binary_version": "2.54.3+16.04~esm2" }, { "binary_name": "ubuntu-snappy-cli", "binary_version": "2.54.3+16.04~esm2" } ] }
{ "ubuntu_priority": "high", "availability": "No subscription required", "binaries": [ { "binary_name": "golang-github-snapcore-snapd-dev", "binary_version": "2.54.3+18.04" }, { "binary_name": "golang-github-ubuntu-core-snappy-dev", "binary_version": "2.54.3+18.04" }, { "binary_name": "snap-confine", "binary_version": "2.54.3+18.04" }, { "binary_name": "snapd", "binary_version": "2.54.3+18.04" }, { "binary_name": "snapd-dbgsym", "binary_version": "2.54.3+18.04" }, { "binary_name": "snapd-xdg-open", "binary_version": "2.54.3+18.04" }, { "binary_name": "ubuntu-core-launcher", "binary_version": "2.54.3+18.04" }, { "binary_name": "ubuntu-core-snapd-units", "binary_version": "2.54.3+18.04" }, { "binary_name": "ubuntu-snappy", "binary_version": "2.54.3+18.04" }, { "binary_name": "ubuntu-snappy-cli", "binary_version": "2.54.3+18.04" } ] }
{ "ubuntu_priority": "high", "availability": "No subscription required", "binaries": [ { "binary_name": "golang-github-snapcore-snapd-dev", "binary_version": "2.54.3+20.04" }, { "binary_name": "golang-github-ubuntu-core-snappy-dev", "binary_version": "2.54.3+20.04" }, { "binary_name": "snap-confine", "binary_version": "2.54.3+20.04" }, { "binary_name": "snapd", "binary_version": "2.54.3+20.04" }, { "binary_name": "snapd-dbgsym", "binary_version": "2.54.3+20.04" }, { "binary_name": "snapd-xdg-open", "binary_version": "2.54.3+20.04" }, { "binary_name": "ubuntu-core-launcher", "binary_version": "2.54.3+20.04" }, { "binary_name": "ubuntu-core-snapd-units", "binary_version": "2.54.3+20.04" }, { "binary_name": "ubuntu-snappy", "binary_version": "2.54.3+20.04" }, { "binary_name": "ubuntu-snappy-cli", "binary_version": "2.54.3+20.04" } ] }