Canonical · Snapd · CVE-2020-27352
Name of the Vulnerable Software and Affected Versions:
snapd (affected versions not specified)
Description:
The issue arises when generating systemd service units for the docker snap and similar snaps, as snapd fails to specify Delegate=yes. As a result, systemd moves processes from containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading system units. This may grant additional privileges to a container within the snap that were not originally intended.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.