Qualys security researchers have uncovered a number of flaws in Canonical’s Snap software packaging and deployment system.
Bharat Jogi, director of vulnerability and threat research at Qualys, explained that they discovered multiple vulnerabilities in the snap-confine function on Linux operating systems, “the most important of which can be exploited to escalate privilege to gain root privileges.”
“The packages, called snaps, and the tool for using them, snapd, work across a range of Linux distributions and allow upstream software developers to distribute their applications directly to users. Snaps are self-contained applications running in a sandbox with mediated access to the host system. Snap-confine is a program used internally by snapd to construct the execution environment for snap applications,” Jogi said, noting that the main issue was CVE-2021-44731.