CVE Vulnerabilities

CVE-2020-27352

Improper Privilege Management

Published: Jun 21, 2024 | Modified: Jul 11, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
HIGH

When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading system units. This may grant additional privileges to a container within the snap that were not originally intended.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name Vendor Start Version End Version
Snapd Ubuntu bionic *
Snapd Ubuntu devel *
Snapd Ubuntu focal *
Snapd Ubuntu groovy *
Snapd Ubuntu snap *
Snapd Ubuntu trusty *
Snapd Ubuntu xenial *

Potential Mitigations

References