CVE-2022-3328

CVSS 3.1 base score: 7.8 HIGH

📋 TL;DR

CVE-2022-3328 is a race condition in must_mkdir_and_open_with_perms() in snap-confine, the setuid-root helper that snapd uses to set up a snap application's sandbox. The function creates and opens the snap's private /tmp directory as root; a local, unprivileged user who wins the race against it can escalate to root. The fix shipped in snapd 2.57.6, so any host that runs snap packages with an older snapd is affected.

💻 Affected Systems

Products:
  • snapd
  • snap-confine
Versions: snapd (and the snap-confine it ships) before 2.57.6
Operating Systems: Ubuntu (snapd installed by default), Debian and other Linux distributions with the snapd package installed
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerable code is in snap-confine, a setuid-root binary that any local user can execute; the snapd daemon is not in that path, so whether it is running does not matter. On Ubuntu, snapd usually re-executes into the snapd snap, so the version that counts is the one snap version reports, not only the deb.

📦 What is this software?

snapd is Canonical's daemon and tooling for installing and running snap packages, the self-contained application bundles used by default on Ubuntu and available on other Linux distributions. snap-confine is the small setuid-root helper that snapd ships and that every snap application launch goes through: it builds the application's mount namespace, private /tmp and confinement as root before dropping to the calling user's privileges. Because it runs as root on behalf of any local user, a flaw in it is a direct path to local root.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local attacker gains full root privileges, enabling complete system compromise, data theft, and persistence establishment.

🟠

Likely Case

Local user escalates privileges to root, allowing unauthorized access to sensitive files and system modifications.

🟢

If Mitigated

Patched to snapd 2.57.6 or later, the race is closed. Where patching is delayed, the impact is bounded by how many untrusted users can run snap-confine on the host, so restricting local access and execution of the binary is what limits exposure.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring local access, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Internal users with shell access could exploit this to gain root privileges on vulnerable systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes (Qualys, who found the bug, published a technical advisory with a proof of concept)
Weaponized: LIKELY (Qualys reported obtaining root on default Ubuntu installations with it)
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a local unprivileged account and winning a race against snap-confine, which in practice means repeated attempts rather than a single run. The published exploit chain did not get root from the race alone; it combined the win with two other local bugs in multipathd to finish the escalation, so hosts that also patched multipathd are harder targets, not safe ones.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: snapd 2.57.6 and later

Vendor Advisory: https://ubuntu.com/security/notices/USN-5753-1

Restart Required: No. snap-confine is executed afresh for each snap launch, so new launches use the fixed binary immediately; applications already running keep the sandbox they were started with, which is not itself a risk.

Instructions:

1. Update the snapd package from your distribution; on Ubuntu and Debian derivatives: sudo apt update && sudo apt install snapd
2. On Ubuntu, snapd normally re-executes into the snapd snap, so refresh that as well: sudo snap refresh snapd
3. Verify the version actually in use: snap version (the snapd line must read 2.57.6 or higher, ignoring the distribution suffix)
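A worked check for the three steps above, added here as an example and not Ubuntu's or snapd's own tooling: it parses the snapd line of snap version output, strips the distribution packaging suffix, and compares the upstream number against 2.57.6 field by field. The sample output in the comments is constructed, and the function names and the --live flag are this example's own choices.

```sh
#!/bin/sh
# Added example for CVE-2022-3328, not Ubuntu's or snapd's own tooling:
# decide from `snap version` output whether the snapd in use predates 2.57.6.
# Function names, the --live flag and the sample output below are this
# example's own choices.

FIXED="2.57.6"   # first snapd release carrying the fix (USN-5753-1)

# Pull the version from the "snapd" line of `snap version`. Constructed sample:
#   snap    2.57.5+22.04
#   snapd   2.57.5+22.04
#   series  16
parse_snapd_version() {
    printf '%s\n' "$1" | awk '$1 == "snapd" { print $2; exit }'
}

# Drop packaging suffixes so only the upstream number is compared:
#   2.57.6+22.04ubuntu1 -> 2.57.6,  2.58~pre1 -> 2.58,  2.57.6-1 -> 2.57.6
upstream_version() {
    v=$1
    v=${v%%+*}; v=${v%%~*}; v=${v%%-*}
    printf '%s\n' "$v"
}

# version_ge A B: exit 0 when dotted version A >= B, comparing each field
# numerically so that 2.58 > 2.57.6 and 2.57 < 2.57.6 (pure POSIX sh).
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# is_vulnerable "<snap version output>": exit 0 = vulnerable, 1 = fixed,
# 2 = no snapd line found (snapd absent or output not understood).
is_vulnerable() {
    ver=$(parse_snapd_version "$1")
    if [ -z "$ver" ]; then return 2; fi
    if version_ge "$(upstream_version "$ver")" "$FIXED"; then return 1; fi
    return 0
}

# Live check against the running system when invoked as: sh check.sh --live
if [ "${1-}" = "--live" ]; then
    out=$(snap version 2>/dev/null || true)
    rc=0; is_vulnerable "$out" || rc=$?
    case $rc in
        0) echo "VULNERABLE: snapd $(parse_snapd_version "$out") is older than $FIXED"; exit 1 ;;
        1) echo "OK: snapd $(parse_snapd_version "$out") includes the fix" ;;
        *) echo "UNDETERMINED: no snapd version reported (is snapd installed?)"; exit 2 ;;
    esac
fi
```

The comparison is done on the upstream number rather than with the package manager on purpose: dpkg only knows about the deb, while on Ubuntu the snapd that actually runs may be the re-executed snapd snap, and snap version reports that one. The exit codes (0 vulnerable, 1 fixed, 2 undetermined) are chosen so the script can be dropped into a fleet check that treats "undetermined" separately from "safe".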

🔧 Temporary Workarounds

Disable snap services (partial mitigation only)

linux

Stopping the snapd daemon reduces what snaps can do, but it does not close this hole: the race is in snap-confine, a setuid-root binary that any local user can execute directly, and the daemon is not in that path. If you stop snapd anyway, stop the socket as well, otherwise socket activation restarts the service on the next snap command:

sudo systemctl stop snapd.service snapd.socket
sudo systemctl disable snapd.service snapd.socket

The mitigation that actually removes the attack surface is to stop unprivileged users from executing snap-confine until the patch lands, which breaks snap launches for those users. On a plain deb install that is the file /usr/lib/snapd/snap-confine; on Ubuntu with re-exec the copy inside the mounted snapd snap is also used, and it sits on a read-only squashfs, so a permission change on the deb's copy alone is not enough there.

🧯 If You Can't Patch

  • Restrict shell and local-login access to vulnerable hosts to trusted users; the bug needs only a local unprivileged foothold, and a compromised service account is enough
  • Prevent unprivileged users from executing snap-confine on hosts that do not need snaps, and audit snap-confine executions and any root process that does not descend from sudo, su or pkexec

🔍 How to Verify

Check if Vulnerable:

Read the snapd line of snap version; it reports the snapd actually in use, which on Ubuntu may be the re-executed snapd snap rather than the deb: snap version | grep '^snapd'

Check Version:

snap version | grep '^snapd'

Verify Fix Applied:

The snapd line must show 2.57.6 or higher, ignoring the distribution suffix (2.57.6+22.04 is fixed, 2.57.5+22.04 is not). dpkg -s snapd shows only the deb version, so prefer snap version.

📡 Detection & Monitoring

Log Indicators:

  • Bursts of snap-confine executions (execve of /usr/lib/snapd/snap-confine, or of the copy inside the snapd snap) by one unprivileged login uid within a few seconds; a legitimate snap launch runs it once, repeated attempts to win the race do not
  • Unprivileged users renaming or creating directories under /tmp/snap.* while snap-confine is running
  • A root process whose ancestor is an unprivileged user's shell and that did not come through sudo, su or pkexec
  • syslog and the journal do not record snap-confine invocations; an auditd execve watch on the binary (and on /tmp) is needed to see the first two indicators

Network Indicators:

  • None - local exploit only

SIEM Query:

Illustrative Splunk-style query over an auditd feed; field names depend on how your audit records are parsed, and the threshold is a starting point rather than a tested value:

index=linux sourcetype=auditd exe="/usr/lib/snapd/snap-confine" auid!=0
| bin _time span=10s
| stats count BY _time, auid
| where count > 20
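The same burst logic run offline over audit records, added here as an example that is not from the advisory, snapd or any SIEM vendor: a shell script that reads auditd SYSCALL records for snap-confine and reports every login uid that ran it at least N times inside a W-second sliding window. It assumes an auditd watch such as -w /usr/lib/snapd/snap-confine -p x -k snap_confine_exec so that the records carry key="snap_confine_exec"; the key name, the thresholds and every sample record are this example's own constructed choices.

```sh
#!/bin/sh
# Added example for CVE-2022-3328 (not from the advisory, snapd or a SIEM
# vendor): flag login uids that execute snap-confine in a burst, which is what
# repeated attempts to win its race look like. Assumes an auditd watch such as
#     -w /usr/lib/snapd/snap-confine -p x -k snap_confine_exec
# so that SYSCALL records carry key="snap_confine_exec"; the key name, the
# thresholds and every record below are this example's own choices.

# One constructed SYSCALL record: $1 = epoch seconds, $2 = auid, $3 = serial.
audit_record() {
    printf 'type=SYSCALL msg=audit(%s.000:%s): arch=c000003e syscall=59 success=yes exit=0 ppid=2001 pid=%s auid=%s uid=%s gid=%s euid=0 comm="snap-confine" exe="/usr/lib/snapd/snap-confine" key="snap_confine_exec"\n' \
        "$1" "$3" "$((2000 + $3))" "$2" "$2" "$2"
}

# Constructed sample log: auid 1000 runs snap-confine 30 times in 3 seconds
# (exploit-like), auid 1001 starts three snaps a minute apart (normal use).
build_sample_log() {
    i=0
    while [ "$i" -lt 30 ]; do
        audit_record "$((1669900000 + i / 10))" 1000 "$((100 + i))"
        i=$((i + 1))
    done
    audit_record 1669900000 1001 200
    audit_record 1669900060 1001 201
    audit_record 1669900120 1001 202
}

# flag_snap_confine_bursts THRESHOLD WINDOW: read audit records on stdin
# (chronological per uid, as `ausearch --raw` emits them) and print one line
# per auid that executed snap-confine THRESHOLD or more times within WINDOW s.
flag_snap_confine_bursts() {
    awk -v thr="$1" -v win="$2" '
        /type=SYSCALL/ && /key="snap_confine_exec"/ {
            if (match($0, /audit\([0-9]+/) == 0) next
            ts = substr($0, RSTART + 6, RLENGTH - 6) + 0   # msg=audit(<epoch>.
            if (match($0, /auid=[0-9]+/) == 0) next        # login uid, not euid
            auid = substr($0, RSTART + 5, RLENGTH - 5)
            n[auid]++
            t[auid, n[auid]] = ts
            if (!(auid in s)) s[auid] = 1                  # oldest index still in window
            while (t[auid, s[auid]] < ts - win) s[auid]++
            cnt = n[auid] - s[auid] + 1
            if (cnt >= thr && !(auid in flagged)) {
                flagged[auid] = 1
                printf "auid=%s executed snap-confine %d times within %ds\n", auid, cnt, win
            }
        }'
}

# Demo on the constructed sample:  sh detect.sh --demo
# Real use after sourcing this file: sudo ausearch -k snap_confine_exec --raw | flag_snap_confine_bursts 20 10
if [ "${1-}" = "--demo" ]; then
    build_sample_log | flag_snap_confine_bursts 20 10
fi
```

The window is keyed on auid (the login uid audit assigns at session start) rather than uid or euid, because snap-confine is setuid and its euid is always 0; uid alone would also miss an attacker who reached the host through a service account and switched users. Twenty executions in ten seconds is a tuning guess for a workstation where a user launches a handful of snaps per minute; lower it on servers where snap-confine should almost never run interactively.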

🔗 References

  • https://ubuntu.com/security/notices/USN-5753-1
  • https://ubuntu.com/security/CVE-2022-3328
  • https://nvd.nist.gov/vuln/detail/CVE-2022-3328