PT-2022-5709 · Canonical+3 · Snap-Confine+5
Qualys · Published 2022-11-30 · Updated 2024-06-14
CVE-2022-3328
CVSS v4.0: 9.0 (Critical)
Vector: AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions
snapd versions prior to 2.57.6
snap-confine versions prior to 2.57.6
Description
The issue is related to a race condition in the must_mkdir_and_open_with_perms() function of the snap-confine utility. This vulnerability can be exploited to elevate privileges or execute arbitrary code. The problem is associated with synchronization errors when using a shared resource, also known as a "race condition".
Recommendations
For versions prior to 2.57.6, update to version 2.57.6 or later to resolve the issue.
As a temporary workaround, consider disabling the must_mkdir_and_open_with_perms() function until a patch is available.
Exploit
Fix
Race Condition
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Linuxmint
Red Os
Ubuntu
Snap-Confine
Snapd