snapd

CVEs related to bugs in snapd

Open bugs

Bug	CVE(s)
Bug #1721223: Networkd fail to set ip address between leases if ip address changes on UbuntuCore	CVE-2017-15908
snapd	Fix committed by Michael Vogt
Bug #1746463: apparmor profile load in stacked policy container fails	CVE-2017-0861 CVE-2017-1000405 CVE-2017-1000407 CVE-2017-15129 CVE-2017-16994 CVE-2017-17448 CVE-2017-17450 CVE-2017-17741 CVE-2017-17805 CVE-2017-17806 CVE-2017-17807 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-1000026 CVE-2018-5332 CVE-2018-5333 CVE-2018-5344
snapd	Triaged (unassigned)
Bug #1928567: Inconsistent output for "snap refresh"/"snap refresh <specific_snap>"	CVE-2023-4863
snapd	Triaged (unassigned)
Bug #1980861: Please enable CONFIG_SQUASHFS_DECOMP_MULTI_PERCPU	CVE-2022-2978
snapd	New (unassigned)
Bug #1998538: userd: xdg-open of help URLs no longer work	CVE-2020-11934
snapd	New, assigned to Sergio Costas
Bug #2073475: snap changes is too secretive	CVE-2024-1724 CVE-2024-29068
snapd	Confirmed (unassigned)

Resolved bugs

Bug	CVE(s)
Bug #1567597: implement 'complain mode' in seccomp for developer mode with snaps	CVE-2017-1000252 CVE-2017-10663 CVE-2017-10911 CVE-2017-11176 CVE-2017-14340
snapd	Fix released, assigned to Tyler Hicks
Bug #1721676: implement errno action logging in seccomp for strict mode with snaps	CVE-2017-1000252 CVE-2017-10663 CVE-2017-10911 CVE-2017-11176 CVE-2017-14340
snapd	Fix released, assigned to Tyler Hicks
Bug #1730255: snapd gives all users access to system logs	CVE-2017-14178
snapd	Fix released, assigned to John Lenton
Bug #1812973: snap: seccomp blacklist for TIOCSTI can be circumvented	CVE-2019-7303
snapd	Fix released, assigned to Zygmunt Krynicki
Bug #1813365: Local privilege escalation via snapd socket	CVE-2019-7304
snapd	Fix released, assigned to Zygmunt Krynicki
Bug #1840375: groupdel doesn't support extrausers	CVE-2018-7169
snapd	Fix released, assigned to Michael Vogt
Bug #1879530: ubuntu core cloud-init allows infinite creation of sudo users	CVE-2020-11933
snapd	Fix released, assigned to Ian Johnson
Bug #1880085: snap userd's OpenURL method allows sandox escape	CVE-2020-11934
snapd	Fix released (unassigned)
Bug #1900693: snapd cannot refresh on some SD cards due to uboot bug	CVE-2020-8432
snapd	Fix released, assigned to Samuele Pedroni
Bug #1910298: ~/snap directory should be o0700	CVE-2021-3155
snapd	Fix released, assigned to Miguel Pires
Bug #1910456: container management snaps should have Delegate=true in their systemd unit	CVE-2019-5736 CVE-2020-15257 CVE-2020-27352
snapd	Fix released, assigned to Ian Johnson
Bug #1949368: snapd fails to validate content interface settings, resulting in sandbox escape	CVE-2021-4120
snapd	Fix released (unassigned)
Bug #2065077: Security: snapd snapctl Auth Bypass	CVE-2024-5138
snapd	Fix released, assigned to Zygmunt Krynicki
Bug #2110289: snapd has high CPU usage for exactly 150 seconds every 5, 7.5 or 10 minutes	CVE-2025-37797 CVE-2025-37799 CVE-2025-37800 CVE-2025-37801 CVE-2025-37802 CVE-2025-37803 CVE-2025-37804 CVE-2025-37805 CVE-2025-37806 CVE-2025-37807 CVE-2025-37808 CVE-2025-37809 CVE-2025-37810 CVE-2025-37811 CVE-2025-37812 CVE-2025-37813 CVE-2025-37814 CVE-2025-37815 CVE-2025-37816 CVE-2025-37817 CVE-2025-37818 CVE-2025-37819 CVE-2025-37820 CVE-2025-37821 CVE-2025-37822 CVE-2025-37823 CVE-2025-37824 CVE-2025-37825 CVE-2025-37826 CVE-2025-37827 CVE-2025-37828 CVE-2025-37829 CVE-2025-37830 CVE-2025-37831 CVE-2025-37832 CVE-2025-37833 CVE-2025-37834 CVE-2025-37838 CVE-2025-37876 CVE-2025-37877 CVE-2025-37878 CVE-2025-37879 CVE-2025-37880 CVE-2025-37881 CVE-2025-37882 CVE-2025-37883 CVE-2025-37884 CVE-2025-37885 CVE-2025-37886 CVE-2025-37887 CVE-2025-37888
snapd	Invalid (unassigned)