Tylnesh

**Name of the Vulnerable Software and Affected Versions** pulseaudio versions 1:8.0 through 1:8.0-0ubuntu3.11 pulseaudio versions 1:11.1 through 1:11.1-1ubuntu7.6 pulseaudio versions 1:13.0 through 1:13.0-1ubuntu1.1 pulseaudio versions 1:13.99.1 through 1:13.99.1-1ubuntu3.1 **Description** The issue is related to an Ubuntu-specific modification to Pulseaudio, which provides security mediation for Snap-packaged applications. It was found that there is a bypass of intended access restriction for snaps that plug any of pulseaudio, audio-playback, or audio-record via unloading the pulseaudio snap policy module. **Recommendations** For pulseaudio versions 1:8.0 through 1:8.0-0ubuntu3.11, update to version 1:8.0-0ubuntu3.12 or later. For pulseaudio versions 1:11.1 through 1:11.1-1ubuntu7.6, update to version 1:11.1-1ubuntu7.7 or later. For pulseaudio versions 1:13.0 through 1:13.0-1ubuntu1.1, update to version 1:13.0-1ubuntu1.2 or later. For pulseaudio versions 1:13.99.1 through 1:13.99.1-1ubuntu3.1, update to version 1:13.99.1-1ubuntu3.2 or later.