CVE-2020-11933 : Security Advisory and Response

This CVE involves a local snapd exploit through cloud-init on Ubuntu Core devices, allowing a physical attacker to bypass security mechanisms.

Understanding CVE-2020-11933

This vulnerability affects snapd and core versions on Ubuntu Core devices, potentially leading to arbitrary changes by an attacker.

What is CVE-2020-11933?

The issue arises from cloud-init managed by snapd on Ubuntu Core 16 and 18 devices running without restrictions on every boot.
A physical attacker could exploit this by crafting cloud-init user-data/meta-data via external media to perform unauthorized changes on the device.
The vulnerability allows bypassing intended security mechanisms like full disk encryption.

The Impact of CVE-2020-11933

CVSS Base Score: 7.3 (High Severity)
Attack Vector: Physical
Confidentiality Impact: High
Integrity Impact: High
Privileges Required: None
Scope: Changed
User Interaction: None

Technical Details of CVE-2020-11933

This section provides more in-depth technical insights into the vulnerability.

Vulnerability Description

The vulnerability allows a physical attacker to exploit cloud-init to make unauthorized changes on Ubuntu Core devices.

Affected Systems and Versions

Products: snapd, core
Vendor: Canonical
Versions: snapd 2.45.2, revision 8539; core 2.45.2, revision 9659

Exploitation Mechanism

Attack Complexity: Low
Availability Impact: None

Mitigation and Prevention

Learn how to mitigate and prevent the exploitation of CVE-2020-11933.

Immediate Steps to Take

Update snapd to version 2.45.2, revision 8539 and core to version 2.45.2, revision 9659.
Monitor for any unauthorized changes on Ubuntu Core devices.

Long-Term Security Practices

Implement strict access controls and restrictions on cloud-init configurations.
Regularly review and update security configurations on Ubuntu Core devices.

Patching and Updates

Stay informed about security updates from Canonical and apply patches promptly.