Local-privilege escalation in snapd

by
jzb
from LWN.net on (#74AX8)

Qualys has discovereda local-privilege escalation (LPE) vulnerability affecting UbuntuDesktop 24.04 and later:

This flaw (CVE-2026-3888) allows an unprivileged local attacker toescalate privileges to full root access through the interaction of twostandard system components: snap-confine and systemd-tmpfiles.

More details are available in the securityadvisory. Canonical has published updated packages as well as instructionsfor verifying if a system is vulnerable and how to upgrade if so.

External Content
Source RSS or Atom Feed
Feed Location http://lwn.net/headlines/rss
Feed Title LWN.net
Feed Link https://lwn.net/
Reply 0 comments