Canonical Multipass
cpe:2.3:a:canonical:multipass:*:*:*:*:*:*:*
- <= 1.16.2
A local privilege escalation vulnerability exists in Canonical Multipass for macOS in versions prior to 1.16.3. The issue is an incomplete fix for the earlier vulnerability CVE-2025-5199: the update in version 1.16.0 changed the ownership of the 'multipassd' daemon binary to 'root:wheel', but five other binaries in the same directory ('multipass', 'qemu-img', 'qemu-system-aarch64', 'qemu-system-x86_64' and 'sshfs_server') remained owned by, and writable by, the installing user. Because these binaries are executed by the root LaunchDaemon, a local attacker can replace any of them with a malicious version that then runs with root privileges.
Exploitation allows the local user who installed Multipass to gain full root privileges on macOS with no user interaction and no visible errors. In the reproduction described below, the escalation is made persistent across reboots by having the replaced binary add a passwordless entry to the sudoers file.
To reproduce, install an affected Multipass version (1.16.2 or earlier) on macOS as a standard user and make sure the Ubuntu 26.04 LTS image is already cached locally. Replace one of the writable auxiliary binaries, such as 'qemu-img', with a malicious wrapper that adds a passwordless sudoers entry. Then launch a VM with Multipass: the root LaunchDaemon invokes the replaced binary, and the wrapper's code executes with root privileges.
Users can update to Canonical Multipass version 1.16.3 or later, where this vulnerability has been patched.
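The following audit script is an added example and is not Canonical's code or part of the advisory. It checks an install for the precondition described above (binaries in the daemon's directory that are not root-owned or are group/other-writable, including the directory itself) and scans sudoers files for the NOPASSWD indicator the reproduction leaves behind. The install path '/Library/Application Support/com.canonical.multipass/bin' and the expected owner 'root' are assumptions for illustration; adjust them to the local install. Reading /etc/sudoers and /etc/sudoers.d requires root.

```sh
#!/bin/sh
# Added audit script; not Canonical's code. Flags entries in a Multipass
# install directory that a local user could replace: anything not owned by
# the expected owner, or writable by group/other. The path and owner below
# are assumptions for illustration; adjust to the local install.
MULTIPASS_BIN_DIR="/Library/Application Support/com.canonical.multipass/bin"
EXPECTED_OWNER="root"

# audit_bins DIR [OWNER]
# Prints one line per offending entry: "<path> owner=<o> mode=<m> <reasons>".
# Returns 0 if nothing is flagged, 1 otherwise.
audit_bins() {
    _dir=$1
    _owner=${2:-$EXPECTED_OWNER}
    _rc=0
    # Check the directory itself first: a writable directory lets an attacker
    # rename or replace entries even when every file in it is root:wheel 0755.
    for _path in "$_dir" "$_dir"/*; do
        [ -e "$_path" ] || continue
        # 'ls -ld' has the same first three fields on macOS (BSD ls) and GNU
        # coreutils: mode string, link count, owner. Only fields 1 and 3 are
        # used, so spaces later in the path do not matter.
        set -- $(ls -ld "$_path")
        _mode=$1
        _fowner=$3
        _reason=""
        [ "$_fowner" = "$_owner" ] || _reason="not-owned-by-$_owner"
        # Positions 6 and 9 of the mode string are the group and other write bits.
        case "$_mode" in
            ?????w*|????????w*) _reason="${_reason:+$_reason,}group-or-other-writable" ;;
        esac
        if [ -n "$_reason" ]; then
            printf '%s owner=%s mode=%s %s\n' "$_path" "$_fowner" "$_mode" "$_reason"
            _rc=1
        fi
    done
    return $_rc
}

# scan_sudoers_nopasswd FILE...
# Prints every non-comment NOPASSWD rule in the given sudoers files as
# "<file>:<line>: <rule>". Returns 0 if at least one rule was found, 1 otherwise.
# On macOS, /etc/sudoers and /etc/sudoers.d/* are only readable as root.
scan_sudoers_nopasswd() {
    awk '/^[[:space:]]*#/ { next }
         /NOPASSWD/ { print FILENAME ":" FNR ": " $0; found = 1 }
         END { exit found ? 0 : 1 }' "$@" 2>/dev/null
}

# Usage on macOS (as root, so the sudoers scan can read its inputs):
#   sudo sh audit_multipass.sh
if [ -d "$MULTIPASS_BIN_DIR" ]; then
    if audit_bins "$MULTIPASS_BIN_DIR" "$EXPECTED_OWNER"; then
        echo "ok: every entry in $MULTIPASS_BIN_DIR is $EXPECTED_OWNER-owned and not group/other-writable"
    fi
    scan_sudoers_nopasswd /etc/sudoers /etc/sudoers.d/* || echo "ok: no NOPASSWD rules found"
fi
```

A clean result from audit_bins on a patched install means no entry in the daemon's directory can be swapped by an unprivileged user; any NOPASSWD line reported by scan_sudoers_nopasswd that the administrator did not add is worth treating as a sign the weakness was already used.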