2293728 – (CVE-2020-27352) CVE-2020-27352 snapd: access restriction can be bypassed by container management snaps

Bug 2293728 (CVE-2020-27352) - CVE-2020-27352 snapd: access restriction can be bypassed by container management snaps

Summary: CVE-2020-27352 snapd: access restriction can be bypassed by container manage...

Keywords:
Status:	NEW
Alias:	CVE-2020-27352
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2293729 2293730
Blocks:
TreeView+	depends on / blocked

Reported:	2024-06-21 21:09 UTC by Robb Gatica
Modified:	2024-06-21 21:10 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Robb Gatica 2024-06-21 21:09:48 UTC

When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading system units. This may grant additional privileges to a container within the snap that were not originally intended.

https://bugs.launchpad.net/snapd/+bug/1910456
https://ubuntu.com/security/notices/USN-4728-1
https://www.cve.org/CVERecord?id=CVE-2020-27352

Comment 1 Robb Gatica 2024-06-21 21:10:05 UTC

Created snapd tracking bugs for this issue:

Affects: epel-all [bug 2293729]
Affects: fedora-all [bug 2293730]

Note You need to log in before you can comment on or make changes to this bug.