cvedb.io
CVE-2021-4120
HIGH · CVSS 8.2
EPSS exploitation probability: 0%
Published 2022-02-17T23:15:07.550 · Last modified 2026-06-17T04:19:04.030

Summary

snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1

Affected products

canonical — snapd

Does this affect you?

Add your gear to cvedb and we'll alert you only when canonical ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.