CVE-2022-3328 — Race Condition in LTD Snapd

CWE-362 — Race Condition10 documents7 sources

Severity

7.0HIGHNVD

CNA7.8

EPSS

0.1%

top 81.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Canonical LTD Snapd Snapcraft Snapd Github.com Snapcore Snapd +2 more

Timeline

PublishedJan 8

Latest updateJun 5

Description

Race condition in snap-confine's must_mkdir_and_open_with_perms()

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages4 packages

▶NVDcanonical/snapd< 2.61.1

▶CVEListV5canonical_ltd/snapd< 2.61.1

▶Gogithub.com/snapcore_snapd< 2.57.6

▶Debiansnapcraft/snapd< 2.49-1+deb11u2+3

Also affects: Ubuntu Linux 16.04, 18.04, 20.04, 22.04, 22.10

🔴Vulnerability Details

OSV

snapd Race Condition vulnerability in github.com/snapcore/snapd↗2024-06-05

▶

CVEList

CVE-2022-3328: Race condition in snap-confine's must_mkdir_and_open_with_perms()↗2024-01-08

▶

GHSA

snapd Race Condition vulnerability↗2024-01-08

▶

OSV

snapd Race Condition vulnerability↗2024-01-08

▶

OSV

CVE-2022-3328: Race condition in snap-confine's must_mkdir_and_open_with_perms()↗2024-01-08

▶

📋Vendor Advisories

Ubuntu

snapd vulnerability↗2022-12-01

▶

Debian

CVE-2022-3328: snapd - Race condition in snap-confine's must_mkdir_and_open_with_perms()↗2022

▶

🕵️Threat Intelligence

Qualys

Snapd Race Condition Vulnerability in snap-confine’s must_mkdir_and_open_with_perms() (CVE-2022-3328) | Qualys↗2022-11-30

▶