ALT-PU-2024-17961-2

Package update snapd in branch p11

Version2.66.1-alt1

Published2026-02-05

Max severityHIGH

Severity:

Closed issues (3)

HIGH8.1

Уязвимость компонента snapctl утилиты для управления самодостаточными пакетами snapd, связанная с неправильной проверкой входных данных, позволяющая нарушителю повысить свои привилегии

Published: 2024-09-13Modified: 2025-09-10

CVSS 3.xHIGH 8.1

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CVSS 2.0HIGH 8.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:C/A:C

References

CVE-2024-5138

HIGH8.1

The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of the snap that would normally require administrator privileges to perform. This could possibly allow an unprivileged user to perform a denial of service or similar.

Published: 2024-05-31Modified: 2025-08-26

CVSS 3.xHIGH 8.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

References

GHSA-p9v8-q5m4-pf46

MEDIUM4.0

CVE-2024-5138: snapd snapctl auth bypass

Published: 2025-01-16

CVSS 3.xMEDIUM 4.0

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References