Improper Mount Point Determination in ubuntu-core-launcher Package
CVE-2016-1580 · HIGH Severity
AV:N/AC:L/AU:N/C:C/I:C/A:C
The setup_snappy_os_mounts function in the ubuntu-core-launcher package before 1.0.27.1 improperly determines the mount point of bind mounts when using snaps, which might allow remote attackers to obtain sensitive information or gain privileges via a snap with a name starting with "ubuntu-core."
Learn more about our Cis Benchmark Audit For Bind.