News > Internet & Security Security Experts Find Multiple Root-Access Vulnerabilities on Ubuntu Linux 40 million users at risk By Lawrence Bonk Lawrence Bonk News Reporter Florida State University Lawrence Bonk is a tech news reporter for Lifewire, specializing in gaming, AI, VR, and consumer tech, including iOS, macOS, wearables, and more. lifewire's editorial guidelines Updated on February 18, 2022 05:03PM EST Fact checked by Jerri Ledford Fact checked by Jerri Ledford Western Kentucky University Gulf Coast Community College Jerri L. Ledford has been writing, editing, and fact-checking tech stories since 1994. Her work has appeared in Computerworld, PC Magazine, Information Today, and many others. lifewire's fact checking process Tweet Share Email Tweet Share Email Internet & Security Mobile Phones Internet & Security Computers & Tablets Smart Life Home Theater & Entertainment Software & Apps Social Media Streaming Gaming There’s nothing worse than malicious code that gains root privileges, as that gives it total and absolute control over the system. Ubuntu Linux users are at risk of just that, according to cyber security firm Qualys, as reported in a company blog post written by their Director of Vulnerability and Threat Research. Qualys notes they have discovered two flaws within Ubuntu Linux that would allow for root access by nefarious software packages. Marvin Meyer / Unsplash The flaws reside in a widely used package manager for Ubuntu Linux called Snap, putting around 40 million users at risk, as the software ships by default on Ubuntu Linux and a wide range of other major Linux distributors. Snap, developed by Canonical, allows for the packaging and distribution of self-contained applications called “snaps” that run in restricted containers. Any security flaws that escape these containers are considered extremely serious. As such, both privilege escalation bugs are rated as high severity threats. These vulnerabilities allow a low-privileged user to execute malicious code as root, which is the highest administrative account on Linux. “Qualys security researchers have been able to independently verify the vulnerability, develop an exploit, and obtain full root privileges on default installations of Ubuntu,” they wrote. “It is vital that vulnerabilities are responsibly reported and are patched and mitigated immediately.” Qualys also found six other vulnerabilities in the code, but these are all considered to be lower risk. So what should you do? Ubuntu has already issued patches for both vulnerabilities. Download a patch for CVE-2021-44731 here and CVE-2021-44730 here. Was this page helpful? Thanks for letting us know! Get the Latest Tech News Delivered Every Day Email Address Sign up There was an error. Please try again. You're in! Thanks for signing up. There was an error. Please try again. Thank you for signing up! Tell us why! Other Not enough details Hard to understand Submit