Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2020-27352

When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading system units. This may grant additional privileges to a container within the snap that were not originally intended.

Related bugs and status

CVE-2020-27352 (Candidate) is related to these bugs:

Bug #1906690: [SRU] 2.48.2

Summary				In	Importance	Status
	1906690	[SRU] 2.48.2		snapd (Ubuntu)	Undecided	Fix Released

Bug #1910456: container management snaps should have Delegate=true in their systemd unit

Summary				In	Importance	Status
	1910456	container management snaps should have Delegate=true in their systemd unit		snapd	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugs.launchpad...
MISC: https://ubuntu.com/sec...
MISC: https://www.cve.org/CV...