The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of the snap that would normally require administrator privileges to perform. This could possibly allow an unprivileged user to perform a denial of service or similar.
Source: Canonical Ltd.
Max CVSS
N/A
EPSS Score
0.05%
Published
2024-05-31
Updated
2024-06-03
It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2, and v1.7.4.
Source: Canonical Ltd.
Max CVSS
6.5
EPSS Score
0.04%
Published
2024-04-04
Updated
2024-04-04
An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot.
Source: Canonical Ltd.
Max CVSS
6.7
EPSS Score
0.05%
Published
2024-02-14
Updated
2024-02-15
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
Source: MITRE
Max CVSS
6.3
EPSS Score
0.09%
Published
2023-12-08
Updated
2024-01-05
PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin.
Source: MITRE
Max CVSS
5.3
EPSS Score
0.13%
Published
2023-09-27
Updated
2023-10-05
An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-08-14
Updated
2024-01-11
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-06-16
Updated
2023-11-02
Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels
Source: Canonical Ltd.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-07-26
Updated
2023-09-11
Landscape allowed URLs which caused open redirection.
Source: Canonical Ltd.
Max CVSS
6.1
EPSS Score
0.05%
Published
2023-06-06
Updated
2023-06-14
Landscape's server-status page exposed sensitive system information. This data leak included GET requests which contain information to attack and leak further information from the Landscape API.
Source: Canonical Ltd.
Max CVSS
9.3
EPSS Score
0.11%
Published
2023-06-06
Updated
2023-06-15
Landscape cryptographic keys were insecurely generated with a weak pseudo-random generator.
Source: Canonical Ltd.
Max CVSS
7.5
EPSS Score
0.12%
Published
2023-06-06
Updated
2023-06-16
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace
Source: Canonical Ltd.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-07-05
Updated
2024-02-01
A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.
Source: Canonical Ltd.
Max CVSS
6.4
EPSS Score
0.04%
Published
2023-12-12
Updated
2023-12-18
Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege.
Source: Canonical Ltd.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-10-07
Updated
2023-10-11
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.
Source: Google Inc.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-09-06
Updated
2023-11-29
A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.
Source: Red Hat, Inc.
Max CVSS
7.1
EPSS Score
0.04%
Published
2023-07-24
Updated
2024-05-22
A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).
Source: Google Inc.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-06-28
Updated
2023-10-26
In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process.
Source: Canonical Ltd.
Max CVSS
8.1
EPSS Score
0.04%
Published
2023-09-01
Updated
2023-09-07
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.
Source: Canonical Ltd.
Max CVSS
7.8
EPSS Score
0.16%
Published
2023-07-26
Updated
2023-08-03
Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service (kernel deadlock).
Source: Canonical Ltd.
Max CVSS
4.7
EPSS Score
0.04%
Published
2023-05-31
Updated
2023-06-22
Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.
Source: Canonical Ltd.
Max CVSS
5.5
EPSS Score
0.05%
Published
2023-04-26
Updated
2023-05-08
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console.
Source: Canonical Ltd.
Max CVSS
10.0
EPSS Score
0.06%
Published
2023-09-01
Updated
2023-09-08
A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service.
Source: Red Hat, Inc.
Max CVSS
7.1
EPSS Score
0.04%
Published
2023-03-27
Updated
2023-12-08
A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.
Source: Canonical Ltd.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-04-13
Updated
2023-04-19
The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067.
Source: Canonical Ltd.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-01-08
Updated
2024-01-11
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!