Canonical Livepatch Client Snap Improper Access Control Vulnerability Allowing Token Theft

Vulnerability

An improper access control vulnerability exists in the canonical-livepatch snap client in versions prior to 10.15.0. It allows local unprivileged users to obtain a sensitive root-level authentication token by sending an unauthenticated request to the livepatchd.sock Unix domain socket. The issue affects systems where the Livepatch client has been enabled with a valid Ubuntu Pro subscription; the stolen token can then be used to access Livepatch services with the victim's credentials and potentially disrupt the Livepatch server.

Impact

Exploitation of this vulnerability allows a local unprivileged user to steal a root-level authentication token, which can be used to access Livepatch services with the victim's credentials and potentially disrupt the Livepatch server.

Remediation

To address this vulnerability, update the canonical-livepatch snap to version 10.15.0 or later. If the snap is installed from the latest/stable channel and automatic refreshes are not on hold, it is updated automatically. To update manually, run 'sudo snap refresh canonical-livepatch --channel latest/stable'. After updating, verify the installed version with 'canonical-livepatch --version'.
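The remediation check above, as an added example that is not part of the advisory or of the canonical-livepatch project: a small POSIX shell helper that decides whether an installed client version is still below the fixed release 10.15.0 and prints the refresh command from the advisory when it is. It assumes GNU sort (for version ordering) and that 'canonical-livepatch --version' prints a dotted version number somewhere in its output.

```shell
#!/bin/sh
# Added example, not from the advisory or the canonical-livepatch project.
# Fixed release named in the advisory.
FIXED_VERSION="10.15.0"

# True (exit 0) when dotted version $1 sorts strictly before $2.
# Relies on GNU sort -V for natural version ordering (assumption).
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# True when the given installed version is still affected (below 10.15.0).
is_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# Pull the first dotted version number out of arbitrary text, e.g. a line
# such as "client-version: 10.14.0" (constructed sample, exact --version
# output format is an assumption).
parse_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+)+' | head -n 1
}

# Live check against the installed client; exit 1 if an update is needed,
# 2 if the client is not installed, 0 if already at or above the fix.
check_installed() {
    if ! command -v canonical-livepatch >/dev/null 2>&1; then
        echo "canonical-livepatch is not installed"
        return 2
    fi
    v="$(parse_version "$(canonical-livepatch --version 2>/dev/null)")"
    if is_vulnerable "$v"; then
        echo "canonical-livepatch ${v:-unknown} is below $FIXED_VERSION:"
        echo "  sudo snap refresh canonical-livepatch --channel latest/stable"
        return 1
    fi
    echo "canonical-livepatch $v is at or above $FIXED_VERSION"
    return 0
}
```

Call check_installed from a cron job or configuration-management run to flag hosts that still need the refresh.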

Added: Apr 20, 2026, 2:25 PM
Updated: Apr 20, 2026, 2:25 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 2.9
remediation: 0.0
relevance: 6.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.