Description
An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by an attacker to expose sensitive information. Fixed in 1:13.99.3-1ubuntu2, 1:13.99.2-1ubuntu2.1, 1:13.99.1-1ubuntu3.8, 1:11.1-1ubuntu7.11, and 1:8.0-0ubuntu3.15.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected products
- Canonical / pulseaudio1:13.99.3-1 – 1:13.99.3-1ubuntu2
- Canonical / pulseaudio1:13.99.2-1 – 1:13.99.2-1ubuntu2.1
- Canonical / pulseaudio1:13.99.1-1 – 1:13.99.1-1ubuntu3.8
- Canonical / pulseaudio1:11.1-1 – 1:11.1-1ubuntu7.11
- Canonical / pulseaudio1:8.0-0 – 1:8.0-0ubuntu3.15
References
- MISChttps://launchpad.net/bugs/1895928
- VENDOR_ADVISORYhttps://ubuntu.com/USN-4640-1