snapd incorrectly validates and parses the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges. The vulnerability resides in the REST API of the snapd service, a universal Linux packaging system that makes an application compatible with various Linux distributions without requiring any modification.
snapd 2.28 through 2.37
The vendor has released updates for the affected products. Update to a patched version.
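To triage hosts against the affected range above, the following added example (not part of the advisory or of snapd) classifies the `snapd` line of `snap version` output. The sample output, the function names and the result labels are constructed for illustration; treating a version with a packaging suffix as needing manual review is an assumption, since a distribution build may carry a backported fix under an in-range version number.

```python
import re

# Affected range as stated in the advisory: snapd 2.28 through 2.37.
AFFECTED_MIN = (2, 28)
AFFECTED_MAX = (2, 37)

# Constructed sample of `snap version` output (not captured from a real host).
SAMPLE_OUTPUT = """\
snap    2.34.2+18.04
snapd   2.34.2+18.04
series  16
ubuntu  18.04
kernel  4.15.0-45-generic
"""

def parse_snapd_version(snap_version_output):
    """Return (numeric_tuple, packaging_suffix) from the 'snapd' line, else None."""
    for line in snap_version_output.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "snapd":
            m = re.match(r"(\d+(?:\.\d+)*)(.*)$", fields[1])
            if not m:
                return None  # e.g. "unavailable" when the daemon is not running
            nums = [int(p) for p in m.group(1).split(".")]
            while len(nums) > 1 and nums[-1] == 0:
                nums.pop()  # 2.37.0 compares equal to 2.37
            return tuple(nums), m.group(2)
    return None

def classify(snap_version_output):
    """Map `snap version` output to a triage label (labels are hypothetical)."""
    parsed = parse_snapd_version(snap_version_output)
    if parsed is None:
        return "unknown"
    nums, suffix = parsed
    # Tuple comparison: (2, 37, 1) > (2, 37), so 2.37.1 is outside the range.
    if not (AFFECTED_MIN <= nums <= AFFECTED_MAX):
        return "not-in-range"
    # Assumption: a suffix such as "+18.04" marks a distribution build whose
    # patch level must be confirmed against the vendor's own advisory.
    return "in-range-distro-build" if suffix else "affected"

if __name__ == "__main__":
    print(classify(SAMPLE_OUTPUT))
```

On a real host, pass the captured output of `snap version` to `classify()` and follow up on every result other than `not-in-range`.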