snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. References: http://www.openwall.com/lists/oss-security/2022/02/18/2 https://bugs.launchpad.net/snapd/+bug/1949368
Created snapd tracking bugs for this issue: Affects: epel-all [bug 2056066] Affects: fedora-all [bug 2056067]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.