PT-2020-12931 · Canonical+1 · Snapd+3

Ian Johnson

Published

2020-07-15

Updated

2021-11-04

CVE-2020-11933

CVSS v3.1

7.3

High

Vector

AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions snapd versions prior to 2.45.2 Ubuntu Core versions prior to 2.45.2

Description A physical attacker could exploit this issue by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device, bypassing intended security mechanisms such as full disk encryption. This issue did not affect traditional Ubuntu systems.

Recommendations For snapd versions prior to 2.45.2, update to version 2.45.2 or later. For Ubuntu Core versions prior to 2.45.2, update to version 2.45.2 or later. As a temporary workaround, consider restricting access to external media to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2020-11933

USN-4424-1

Affected Products

Linuxmint

Ubuntu

Ubuntu Core

Snapd

PT-2020-12931 · Canonical+1 · Snapd+3

CVE-2020-11933

Weakness Enumeration

Related Identifiers

Affected Products

References · 9