CVE-2021-4120 - OpenCVE

snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Snapd Ubuntu Linux
Fedoraproject	Fedora

Configuration 1 [-]

cpe:2.3:a:canonical:snapd:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:21.10:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:fedoraproject:fedora:34:::::::*
	cpe:2.3:o:fedoraproject:fedora:35:::::::*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2022/02/18/2
https://bugs.launchpad.net/snapd/+bug/1949368
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/
https://ubuntu.com/security/notices/USN-5292-1

History

No history.

MITRE

Status: PUBLISHED

Assigner: canonical

Published: 2022-02-17T22:15:21

Updated: 2024-08-03T17:16:04.197Z

Reserved: 2021-12-14T00:00:00

Link: CVE-2021-4120

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-02-17T23:15:07.550

Modified: 2023-11-07T03:40:12.727

Link: CVE-2021-4120

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "snapd", "vendor": "Canonical Ltd.", "versions": [{"lessThanOrEqual": "2.54.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Ian Johnson"}], "descriptions": [{"lang": "en", "value": "snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-02-20T02:06:22", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ubuntu.com/security/notices/USN-5292-1"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.launchpad.net/snapd/+bug/1949368"}, {"name": "[oss-security] 20220218 CVE-2021-4120: Insufficient validation of snap content interface and layout paths", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/02/18/2"}, {"name": "FEDORA-2022-82bea71e5a", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/"}, {"name": "FEDORA-2022-5df8b52ba4", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/"}], "source": {"defect": ["https://launchpad.net/bugs/1949368"], "discovery": "INTERNAL"}, "title": "snapd could be made to bypass intended access restrictions through snap content interfaces and layout paths", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@ubuntu.com", "ID": "CVE-2021-4120", "STATE": "PUBLIC", "TITLE": "snapd could be made to bypass intended access restrictions through snap content interfaces and layout paths"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "snapd", "version": {"version_data": [{"version_affected": "<=", "version_value": "2.54.2"}]}}]}, "vendor_name": "Canonical Ltd."}]}}, "credit": [{"lang": "eng", "value": "Ian Johnson"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1"}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://ubuntu.com/security/notices/USN-5292-1", "refsource": "MISC", "url": "https://ubuntu.com/security/notices/USN-5292-1"}, {"name": "https://bugs.launchpad.net/snapd/+bug/1949368", "refsource": "MISC", "url": "https://bugs.launchpad.net/snapd/+bug/1949368"}, {"name": "[oss-security] 20220218 CVE-2021-4120: Insufficient validation of snap content interface and layout paths", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/02/18/2"}, {"name": "FEDORA-2022-82bea71e5a", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/"}, {"name": "FEDORA-2022-5df8b52ba4", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/"}]}, "source": {"defect": ["https://launchpad.net/bugs/1949368"], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:16:04.197Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ubuntu.com/security/notices/USN-5292-1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.launchpad.net/snapd/+bug/1949368"}, {"name": "[oss-security] 20220218 CVE-2021-4120: Insufficient validation of snap content interface and layout paths", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/02/18/2"}, {"name": "FEDORA-2022-82bea71e5a", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/"}, {"name": "FEDORA-2022-5df8b52ba4", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/"}]}]}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2021-4120", "datePublished": "2022-02-17T22:15:21", "dateReserved": "2021-12-14T00:00:00", "dateUpdated": "2024-08-03T17:16:04.197Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:canonical:snapd:*:*:*:*:*:*:*:*", "matchCriteriaId": "90115CE1-12C4-4504-A1A2-9C118694C398", "versionEndIncluding": "2.54.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*", "matchCriteriaId": "AAE4D2D0-CEEB-416F-8BC5-A7987DF56190", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1"}, {"lang": "es", "value": "snapd versi\u00f3n 2.54.2, no lleva a cabo una comprobaci\u00f3n suficiente de la interfaz de contenido de snap y de las rutas de dise\u00f1o, resultando en una posibilidad de que los snaps inyecten reglas de pol\u00edtica de AppArmor arbitrarias por medio de declaraciones de interfaz de contenido y de dise\u00f1o mal formadas y, por tanto, escapen al confinamiento estricto de snap. Corregido en snapd versiones 2.54.3+18.04, 2.54.3+20.04 y 2.54.3+21.10.1"}], "id": "CVE-2021-4120", "lastModified": "2023-11-07T03:40:12.727", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "security@ubuntu.com", "type": "Secondary"}]}, "published": "2022-02-17T23:15:07.550", "references": [{"source": "security@ubuntu.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/02/18/2"}, {"source": "security@ubuntu.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugs.launchpad.net/snapd/+bug/1949368"}, {"source": "security@ubuntu.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/"}, {"source": "security@ubuntu.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/"}, {"source": "security@ubuntu.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://ubuntu.com/security/notices/USN-5292-1"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "security@ubuntu.com", "type": "Secondary"}]}