If you use snapd then make sure you've updated to the latest available build from the Fedora 28/29/EPEL repositories 2.37.2 which is not affected.


# Overview
Current versions of Ubuntu Linux are vulnerable to local privilege escalation due to a bug in the snapd API. This local service installs by default on both "Server" and "Desktop" versions of Ubuntu and is likely included in many Ubuntu-like Linux distributions.
Any local low privilege user can exploit this vulnerability to obtain immediate root access to the server.
An exploit is attached that works 100% of the time on fresh, default installations of Ubuntu Server and Desktop.
Researcher: Chris Moberly @ The Missing Link Security
# Background
In an attempt to simplify packaging applications on Linux systems, various new competing standards are emerging. Canonical, the makers of Ubuntu Linux, are promoting their "Snap" packages. This is a way to roll all application dependencies into a single binary - similar to Windows applications.
The Snap ecosystem includes an "app store" like experience (https://snapcraft.io/store) where developers can contribute and maintain ready-to-go packages.
Management of locally installed snaps and communication with this online store are partially handled by a systemd service called "snapd" (https://github.com/snapcore/snapd). This service is installed automatically in Ubuntu and runs under the context of the "root" user.
# Vulnerability Overview
## Interesting Linux OS Information
The snapd service is described in a systemd service unit file located at /lib/systemd/system/snapd.service.