
Local-privilege escalation in snapd

Qualys has discovered a local-privilege escalation (LPE) vulnerability affecting Ubuntu Desktop 24.04 and later:

This flaw (CVE-2026-3888) allows an unprivileged local attacker to escalate privileges to full root access through the interaction of two standard system components: snap-confine and systemd-tmpfiles.

More details are available in the security advisory. Canonical has published updated packages as well as instructions for verifying if a system is vulnerable and how to upgrade if so.




standard system components?

Posted Mar 20, 2026 5:12 UTC (Fri) by mirabilos (subscriber, #84359) [Link] (1 responses)

If you call either of snap-confine and systemd-tmpfiles a standard system component, then you’ve already lost :þ

standard system components?

Posted Mar 20, 2026 10:12 UTC (Fri) by tao (subscriber, #17563) [Link]

I know you love complaining about systemd and anything related, but systemd-tmpfiles is standard on every system running systemd, which is pretty much every relevant Linux distro, and to call snap-confine anything other than a standard component *in the context of snapd* is quite laughable.


Copyright © 2026, Eklektix, Inc.