Title: Local privilege escalation in Ubuntu Linux and derivatives
Discovery: Chris Moberly on behalf of The Missing Link Security
The Snap daemon (snapd) incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges.
snapd versions 2.28 through 2.37