snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir() to the current working directory of the calling user, aka a "cwd restore permission bypass." Reference: https://www.openwall.com/lists/oss-security/2019/04/18/4 https://github.com/snapcore/snapd/pull/6642
Created snapd tracking bugs for this issue: Affects: fedora-all [bug 1706018] Created snapd-glib tracking bugs for this issue: Affects: fedora-all [bug 1706019]
Created snapd tracking bugs for this issue: Affects: epel-7 [bug 1706020] Created snapd-glib tracking bugs for this issue: Affects: epel-7 [bug 1706021]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.