#VU69767 Race condition in Snapd - CVE-2022-3328


| Updated: 2022-12-15

Vulnerability identifier: #VU69767

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-3328

CWE-ID: CWE-362

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Snapd
Universal components / Libraries / Software for developers

Vendor: snapcore

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the must_mkdir_and_open_with_perms() function in the
snapd snap-confine binary when preparing the private /tmp mount for a
snap. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Note, the vulnerability is caused by an insufficient fix for #VU60743 (CVE-2021-44731).

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Snapd: 2.54.3 - 2.57.5

External links
https://ubuntu.com/security/CVE-2022-3328
https://github.com/Mr-xn/CVE-2022-3328

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Debian update for snapd
Fedora EPEL 7 update for snapd
Fedora EPEL 9 update for snapd
Fedora EPEL 8 update for snapd
Fedora 37 update for snapd
Fedora 36 update for snapd
Ubuntu update for snapd
Race condition in Snapd