CVE-2024-1724

EUVD-2024-2247
In snapd versions prior to 2.62, when using AppArmor for enforcement of 
sandbox permissions, snapd failed to restrict writes to the $HOME/bin
path. In Ubuntu, when this path exists, it is automatically added to
the users PATH. An attacker who could convince a user to install a
malicious snap which used the 'home' plug could use this vulnerability
to install arbitrary scripts into the users PATH which may then be run
by the user outside of the expected snap sandbox and hence allow them
to escape confinement.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
canonicalCNA
6.3 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
Affected Products (NVD)
VendorProductVersion
canonicalsnapd
𝑥
< 2.62
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
snapd
bookworm
no-dsa
bullseye
no-dsa
bullseye (security)
vulnerable
forky
2.71-3
fixed
sid
2.71-3
fixed
trixie
2.68.3-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
snapd
bionic
Fixed 2.61.4ubuntu0.18.04.1+esm1
released
focal
Fixed 2.63+20.04ubuntu0.1
released
jammy
Fixed 2.63+22.04ubuntu0.1
released
mantic
ignored
noble
Fixed 2.63+24.04ubuntu0.1
released
oracular
Fixed 2.63+24.10
released
trusty
ignored
xenial
Fixed 2.61.4ubuntu0.16.04.1+esm1
released
Common Weakness Enumeration
References
https://github.com/snapcore/snapd/commit/aa191f97713de8dc3ce3ac818539f0b976eb8ef6
https://github.com/snapcore/snapd/pull/13689
https://gld.mcphail.uk/posts/explaining-cve-2024-1724/
https://github.com/snapcore/snapd/commit/aa191f97713de8dc3ce3ac818539f0b976eb8ef6
https://github.com/snapcore/snapd/pull/13689
https://gld.mcphail.uk/posts/explaining-cve-2024-1724/