Published: 08/01/2024 Updated: 12/01/2024

CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1

VMScore: 0

Race condition in snap-confine's must_mkdir_and_open_with_perms()

Vulnerable Product	Search on Vulmon	Subscribe to Product
canonical ubuntu linux 20.04
canonical ubuntu linux 16.04
canonical ubuntu linux 18.04
canonical ubuntu linux 22.04
canonical ubuntu linux 22.10
canonical snapd

The Qualys Research Team discovered a race condition in the snapd-confine binary which could result in local privilege escalation For the stable distribution (bullseye), this problem has been fixed in version 249-1+deb11u2 We recommend that you upgrade your snapd packages For the detailed security status of snapd please refer to its security tr ...

Qualys discovered a race condition (CVE-2022-3328) in snap-confine, a SUID-root program installed by default on Ubuntu In this advisory,they tell the story of this vulnerability (which was introduced in February 2022 by the patch for CVE-2021-44731) and detail how they exploited it in Ubuntu Server (a local privilege escalation, from any user to r ...

CVE-2022-3328 with CVE-2022-41974 and CVE-2022-41973

CVE-2022-3328 CVE-2022-3328 with CVE-2022-41974 and CVE-2022-41973 from: wwwqualyscom/2022/11/30/cve-2022-3328/advisory-snaptxt blogqualyscom/vulnerabilities-threat-research/2022/11/30/race-condition-in-snap-confines-must_mkdir_and_open_with_perms-cve-2022-3328

CWE-362 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3328 https://ubuntu.com/security/notices/USN-5753-1 https://nvd.nist.gov https://www.debian.org/security/2022/dsa-5292 https://github.com/Mr-xn/CVE-2022-3328

CVE-2022-3328

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect