Vulnerability Description
When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading system units. This may grant additional privileges to a container within the snap that were not originally intended.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Snapd | < 2.48.3 |
| Canonical | Ubuntu Linux | 16.04 |
Related Weaknesses (CWE)
References
- https://bugs.launchpad.net/snapd/+bug/1910456ExploitIssue Tracking
- https://ubuntu.com/security/notices/USN-4728-1Vendor Advisory
- https://www.cve.org/CVERecord?id=CVE-2020-27352Third Party Advisory
- https://bugs.launchpad.net/snapd/+bug/1910456ExploitIssue Tracking
- https://ubuntu.com/security/notices/USN-4728-1Vendor Advisory
- https://www.cve.org/CVERecord?id=CVE-2020-27352Third Party Advisory
FAQ
What is CVE-2020-27352?
CVE-2020-27352 is a vulnerability with a CVSS score of 9.3 (CRITICAL). When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and m...
How severe is CVE-2020-27352?
CVE-2020-27352 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-27352?
Check the references section above for vendor advisories and patch information. Affected products include: Canonical Snapd, Canonical Ubuntu Linux.