CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
EPSS
Percentile
29.4%
cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices
was run without restrictions on every boot, which a physical attacker could
exploit by crafting cloud-init user-data/meta-data via external media to
perform arbitrary changes on the device to bypass intended security
mechanisms such as full disk encryption. This issue did not affect
traditional Ubuntu systems. Fixed in snapd version 2.45.2, revision 8539
and core version 2.45.2, revision 9659.
Author | Note |
---|---|
jdstrand | cloud-init as managed by snapd is only used on Ubuntu Core 16 and 18 devices. This does not affect traditional Ubuntu cloud, desktop and server systems or the upcoming Ubuntu Core 20. Since the attack requires physical presence, the vulnerability provides no additional access to standard Ubuntu Core devices. For Ubuntu Core devices with full disk encryption, the vulnerability allows admin access to the device after the disk has been decrypted. snapd will be updated to disable/restrict cloud-init after the first boot. Since this does not affect traditional deb-based Ubuntu systems, security updates will not be provided for the snapd deb in the Ubuntu archive and these debs are marked as ‘not-affected’. For notification purposes we will issue a USN for this. Ubuntu Core 16 devices will be updated via the ‘core’ snap which includes snapd Ubuntu Core 18 devices will be updated via the ‘snapd’ snap (which is provided separated from the core18 snap) 20.04 LTS Raspberry Pi images are affected but do not include FDE. A non-security bug task has been added to https://launchpad.net/bugs/1879530. |
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
EPSS
Percentile
29.4%