"We discovered a race condition (CVE-2022-3328) in snap-confine, a SUID-root program installed by default on Ubuntu. In this advisory, we tell the story of this vulnerability (which was introduced in February 2022 by the patch for CVE-2021-44731) and detail how we exploited it in Ubuntu Server (a local privilege escalation, from any user to root) by combining it with two vulnerabilities in multipathd (an authorization bypass and a symlink attack, CVE-2022-41974 and CVE-2022-41973): https://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt" "Patches are available at: https://github.com/snapcore/snapd/releases/tag/2.57.6 https://github.com/snapcore/snapd/commits/release/2.57" Please bump to 2.57.6.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=567c437733417399551df986d3f85b9758568eb1 commit 567c437733417399551df986d3f85b9758568eb1 Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2022-12-01 03:45:09 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2022-12-01 03:45:42 +0000 app-containers/snapd: drop 2.57.2-r1, 2.57.4, 2.57.5 Bug: https://bugs.gentoo.org/883795 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-containers/snapd/Manifest | 3 - app-containers/snapd/snapd-2.57.2-r1.ebuild | 178 ---------------------------- app-containers/snapd/snapd-2.57.4.ebuild | 178 ---------------------------- app-containers/snapd/snapd-2.57.5.ebuild | 178 ---------------------------- 4 files changed, 537 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=207fb8f24450d6adacaab692c5fcc733657f6eb7 commit 207fb8f24450d6adacaab692c5fcc733657f6eb7 Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2022-12-01 03:44:22 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2022-12-01 03:45:42 +0000 app-containers/snapd: add 2.57.6 Bug: https://bugs.gentoo.org/883795 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-containers/snapd/Manifest | 1 + app-containers/snapd/snapd-2.57.6.ebuild | 178 +++++++++++++++++++++++++++++++ 2 files changed, 179 insertions(+)
Thanks, all done!