Ian Johnson

**Name of the Vulnerable Software and Affected Versions** snapd versions 2.54.2 **Description** The issue is related to insufficient validation of input data in the snapd utility, which can allow an attacker to elevate privileges in the system and execute arbitrary code by injecting arbitrary AppArmor policy rules via malformed content interface and layout declarations. This can lead to escaping strict snap confinement. **Recommendations** For snapd version 2.54.2, update to version 2.54.3+18.04, 2.54.3+20.04, or 2.54.3+21.10.1 to resolve the issue. As a temporary workaround, consider restricting the use of the `snap content interface` and `layout declarations` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** snapd versions prior to 2.45.2 Ubuntu Core versions prior to 2.45.2 **Description** A physical attacker could exploit this issue by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device, bypassing intended security mechanisms such as full disk encryption. This issue did not affect traditional Ubuntu systems. **Recommendations** For snapd versions prior to 2.45.2, update to version 2.45.2 or later. For Ubuntu Core versions prior to 2.45.2, update to version 2.45.2 or later. As a temporary workaround, consider restricting access to external media to minimize the risk of exploitation.