Bug 2291219 (CVE-2024-5138) - CVE-2024-5138 snapd: Privilege escalation may lead to a Denial of Service
Summary: CVE-2024-5138 snapd: Privilege escalation may lead to a Denial of Service
Keywords:
Status: NEW
Alias: CVE-2024-5138
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2291220 2291221
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-06-10 20:54 UTC by Marco Benatto
Modified: 2024-06-10 20:54 UTC (History)
0 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description Marco Benatto 2024-06-10 20:54:20 UTC
The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorized action on behalf of the snap that would normally require administrator privileges to perform. This could possibly allow an unprivileged user to perform a denial of service or similar.

https://bugs.launchpad.net/snapd/+bug/2065077
https://github.com/snapcore/snapd/commit/68ee9c6aa916ab87dbfd9a26030690f2cabf1e14
https://github.com/snapcore/snapd/security/advisories/GHSA-p9v8-q5m4-pf46
https://www.cve.org/CVERecord?id=CVE-2024-5138

Comment 1 Marco Benatto 2024-06-10 20:54:36 UTC
Created snapd tracking bugs for this issue:

Affects: epel-all [bug 2291220]
Affects: fedora-all [bug 2291221]


Note You need to log in before you can comment on or make changes to this bug.