CVE-2021-3626

Summary

The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation.

Affected Software

VendorProductVersion RangeStatus
CanonicalMultipassunspecified < 1.7.0affected

Weaknesses

  • CWE-73: CWE-73 External Control of File Name or Path
  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References