2291219 – (CVE-2024-5138) CVE-2024-5138 snapd: Privilege escalation may lead to a Denial of Service

Bug 2291219 (CVE-2024-5138) - CVE-2024-5138 snapd: Privilege escalation may lead to a Denial of Service

Summary: CVE-2024-5138 snapd: Privilege escalation may lead to a Denial of Service

Keywords:
Status:	NEW
Alias:	CVE-2024-5138
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2291220 2291221
Blocks:
TreeView+	depends on / blocked

Reported:	2024-06-10 20:54 UTC by Marco Benatto
Modified:	2024-06-10 20:54 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Marco Benatto 2024-06-10 20:54:20 UTC

The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorized action on behalf of the snap that would normally require administrator privileges to perform. This could possibly allow an unprivileged user to perform a denial of service or similar.

https://bugs.launchpad.net/snapd/+bug/2065077
https://github.com/snapcore/snapd/commit/68ee9c6aa916ab87dbfd9a26030690f2cabf1e14
https://github.com/snapcore/snapd/security/advisories/GHSA-p9v8-q5m4-pf46
https://www.cve.org/CVERecord?id=CVE-2024-5138

Comment 1 Marco Benatto 2024-06-10 20:54:36 UTC

Created snapd tracking bugs for this issue:

Affects: epel-all [bug 2291220]
Affects: fedora-all [bug 2291221]

Note You need to log in before you can comment on or make changes to this bug.