CVE-2019-7304

Name of the Vulnerable Software and Affected Versions Canonical snapd versions prior to 2.37.1

Description The issue is related to insufficient access control in the snapd utility, which can be exploited to elevate privileges using a specially crafted file. This allows an attacker to run arbitrary commands as root due to incorrect socket owner validation.

Recommendations For versions prior to 2.37.1, update to version 2.37.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the snapd socket to minimize the risk of exploitation.