CVE-2024-1724

Name of the Vulnerable Software and Affected Versions snapd versions prior to 2.62

Description The issue arises when using AppArmor for enforcement of sandbox permissions in snapd. It failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker could convince a user to install a malicious snap that uses the 'home' plug, allowing them to install arbitrary scripts into the users PATH. These scripts may then be run by the user outside of the expected snap sandbox, enabling them to escape confinement.

Recommendations To resolve the issue, update to snapd version 2.62 or later. As a temporary workaround, consider restricting access to the 'home' plug for snaps until the update is applied. Additionally, users can manually remove any suspicious scripts from the $HOME/bin path to minimize the risk of exploitation.