CVE-2021-3155 in snapd
Summary
by MITRE • 02/18/2022
snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1.
Analysis
by VulDB Data Team • 03/05/2025
The vulnerability identified as CVE-2021-3155 represents a significant privilege escalation and information disclosure issue within the snapd package management system. This flaw affected versions of snapd up to and including 2.54.2, where the system failed to properly secure user directory permissions during the creation of snap-related directories. The issue stems from improper permission handling during the initialization of user home directories, specifically when creating the ~/snap directory structure that snapd uses to manage snap packages and their associated metadata.
The technical root cause of this vulnerability lies in the insufficient access control mechanisms implemented during directory creation. When snapd initializes user environments, it creates ~/snap directories to store snap package data, configuration files, and other sensitive information. However, in affected versions, these directories were created with overly permissive permissions that allowed any user on the system to read the contents of these directories. This represents a clear violation of the principle of least privilege and creates a potential attack vector for local privilege escalation and information disclosure.
From an operational impact perspective, this vulnerability exposes sensitive user data that should remain private to the system's owner. The ~/snap directory structure may contain package metadata, configuration settings, and other information that could be leveraged by an attacker to gain insights into installed applications, system configuration, or potentially sensitive package-related data. The attack surface extends beyond simple information disclosure, as the ability to read these directories could enable more sophisticated attacks, including privilege escalation through the exploitation of other system components that rely on the information stored within these directories.
The vulnerability aligns with CWE-732, which describes improper permission assignment, and represents a classic case of inadequate access control implementation. From an ATT&CK framework perspective, this issue maps to T1068, which covers "Exploitation for Privilege Escalation," and T1083, which covers "File and Directory Discovery." The flaw demonstrates how seemingly minor permission issues can create significant security implications when they affect core system components that manage user environments and package installations.
The fix implemented in snapd versions 2.54.3 and later addresses this issue by ensuring that ~/snap directories are created with proper owner-only permissions. This remediation follows security best practices and aligns with industry standards for secure directory creation and access control. Organizations should prioritize updating their snapd installations to versions 2.54.3 or later across all affected systems, particularly those running Ubuntu 18.04, 20.04, and 21.10.1 releases. The update process should include comprehensive testing to ensure that existing snap package functionality remains intact while the security vulnerability is properly addressed.
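An audit for the condition described above, added here as an example and not taken from snapd or from VulDB. It assumes home directories sit directly under `/home` and treats "owner-only" as "no group or other permission bits set"; the function name `audit_snap_dirs` is hypothetical.

```python
import os
import stat

GROUP_OTHER_BITS = 0o077  # any of these set means the directory is not owner-only


def audit_snap_dirs(home_root="/home", fix=False):
    """Return [(path, mode)] for every <home_root>/<user>/snap directory that
    grants group or other access. With fix=True, strip those bits as well."""
    findings = []
    for entry in sorted(os.scandir(home_root), key=lambda e: e.name):
        if not entry.is_dir(follow_symlinks=False):
            continue
        snap_dir = os.path.join(entry.path, "snap")
        try:
            st = os.lstat(snap_dir)  # lstat: report on the entry itself, not a link target
        except OSError:
            continue  # user has no ~/snap, or the parent is not searchable by us
        if not stat.S_ISDIR(st.st_mode):
            continue  # a symlink or file named "snap" is out of scope here
        mode = stat.S_IMODE(st.st_mode)
        if mode & GROUP_OTHER_BITS:
            findings.append((snap_dir, mode))
            if fix:
                _restrict(snap_dir)
    return findings


def _restrict(path):
    """Drop group/other bits via a directory fd opened with O_NOFOLLOW, so a
    symlink swapped in after the lstat() above is refused instead of followed."""
    fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        current = stat.S_IMODE(os.fstat(fd).st_mode)
        os.fchmod(fd, current & 0o700)  # keep the owner's bits, clear everything else
    finally:
        os.close(fd)


if __name__ == "__main__":
    # Report only; rerun with fix=True (as root or as the owning user) to remediate.
    for path, mode in audit_snap_dirs():
        print(f"{path}: mode {mode:04o} is readable beyond its owner")
```

Upgrading snapd changes how new directories are created; this check covers `~/snap` directories that already exist on disk from an affected version.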