NA

CVE-2022-3328

Published: 08/01/2024 Updated: 21/11/2024

Vulnerability Summary

Race condition in snap-confine's must_mkdir_and_open_with_perms()

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

canonical snapd

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 20.04

canonical ubuntu linux 22.04

canonical ubuntu linux 22.10

Vendor Advisories

The Qualys Research Team discovered a race condition in the snapd-confine binary which could result in local privilege escalation For the stable distribution (bullseye), this problem has been fixed in version 249-1+deb11u2 We recommend that you upgrade your snapd packages For the detailed security status of snapd please refer to its security tr ...

Exploits

Qualys discovered a race condition (CVE-2022-3328) in snap-confine, a SUID-root program installed by default on Ubuntu In this advisory,they tell the story of this vulnerability (which was introduced in February 2022 by the patch for CVE-2021-44731) and detail how they exploited it in Ubuntu Server (a local privilege escalation, from any user to r ...

Github Repositories

CVE-2022-3328 with CVE-2022-41974 and CVE-2022-41973

CVE-2022-3328 CVE-2022-3328 with CVE-2022-41974 and CVE-2022-41973 from: wwwqualyscom/2022/11/30/cve-2022-3328/advisory-snaptxt blogqualyscom/vulnerabilities-threat-research/2022/11/30/race-condition-in-snap-confines-must_mkdir_and_open_with_perms-cve-2022-3328