Ubuntu Advisory: CVE-2022-3328 Critical: Snap-Confine Root Exploit

Qualys researchers demonstrated how to chain a new Linux flaw with two other two issues to gain full root privileges on an impacted system.

Researchers at the Qualys’ Threat Research Unit demonstrated how to chain a new Linux vulnerability, tracked as CVE-2022-3328, with two other flaws to gain full root privileges on an affected system.

The vulnerability resides in the snap-confine function on Linux operating systems, a SUID-root program installed by default on Ubuntu.

The snap-confine is used internally by snapd to construct the execution environment for snap applications, an internal tool for confining snappy applications.