Candidate: CVE-2021-3626
PublicDate: 2021-10-01 03:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3626
 https://github.com/canonical/multipass/pull/2150
Description:
 The Windows version of Multipass before 1.7.0 allowed any local process to
 connect to the localhost TCP control socket to perform mounts from the
 operating system to a guest, allowing for privilege escalation.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H [8.8 HIGH]

Patches_multipass:
upstream_multipass: released (1.7.0)
trusty_multipass: not-affected (Windows-only)
trusty/esm_multipass: DNE
xenial_multipass: not-affected (Windows-only)
bionic_multipass: DNE
focal_multipass: DNE
hirsute_multipass: DNE
impish_multipass: DNE
jammy_multipass: DNE
devel_multipass: DNE