Vulnerability Details CVE-2016-1580
The setup_snappy_os_mounts function in the ubuntu-core-launcher package before 1.0.27.1 improperly determines the mount point of bind mounts when using snaps, which might allow remote attackers to obtain sensitive information or gain privileges via a snap with a name starting with "ubuntu-core."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.02
EPSS Ranking 82.6%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2016-1580
-
cpe:2.3:a:canonical:ubuntu-core-launcher:1.0.27
-
cpe:2.3:o:canonical:ubuntu_linux:16.04