#VU95152 Security features bypass in Snapd - CVE-2024-1724

Cybersecurity Help s.r.o.

Published: 2024-08-01

Vulnerability identifier: #VU95152

Vulnerability risk: Medium

CVSSv4.0: 4.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-1724

CWE-ID: CWE-254

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Snapd
Universal components / Libraries / Software for developers

Vendor: snapcore

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists die to snapd failes to restrict writes to the $HOME/bin path when using AppArmor for enforcement of sandbox permissions. A remote attacker can trick the victim to install a malicious snap and install arbitrary scripts into the users PATH which.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Snapd: 2.0 - 2.61.3

External links
https://github.com/snapcore/snapd/commit/aa191f97713de8dc3ce3ac818539f0b976eb8ef6
https://gld.mcphail.uk/posts/explaining-cve-2024-1724/
https://github.com/snapcore/snapd/pull/13689

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Ubuntu update for snapd

Multiple vulnerabilities in Snapd