Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
local snapd exploit through cloud-init
Vulnerability Description
cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security mechanisms such as full disk encryption. This issue did not affect traditional Ubuntu systems. Fixed in snapd version 2.45.2, revision 8539 and core version 2.45.2, revision 9659.
CVSS Information
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Vulnerability Type
权限、特权和访问控制
Vulnerability Title
cloud-init 安全漏洞
Vulnerability Description
Cloud-init是一款用于云平台的虚拟机初始化工具。 Canonical snapd(Ubuntu Core 16版本和Ubuntu Core 18版本)中的cloud-init存在安全漏洞。攻击者可借助cloud-init用户数据/元数据利用该漏洞在设备上执行任意更改,绕过安全机制。
CVSS Information
N/A
Vulnerability Type
N/A