Forum: RetroDigital BBS

Local-privilege escalation in snapd

From LWN.net@618:250/24 to All on Thu Mar 19 06:40:08 2026

Qualys has discovered
a local-privilege escalation (LPE) vulnerability affecting Ubuntu
Desktop 24.04 and later:

This flaw (CVE-2026-3888) allows an unprivileged local attacker to
escalate privileges to full root access through the interaction of two
standard system components: snap-confine and systemd-tmpfiles.

More details are available in the security
advisory. Canonical has published updated packages as well as instructions
for verifying if a system is vulnerable and how to upgrade if so.

https://lwn.net/Articles/1063453/
--- SBBSecho 3.37-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (618:250/24)

Who's Online
Recent Visitors
- Guest
  Thu Mar 19 21:02:10 2026
  from One, Two via Telnet
- Deepend
  Wed Mar 18 08:26:50 2026
  from Calgary, Ab via HTTPS
- Tsukaj
  Tue Mar 17 22:32:32 2026
  from Tennessee via Telnet
- Jmay
  Fri Mar 13 20:33:12 2026
  from Seattle Wa via Telnet

System Info

Sysop:	deepend
Location:	Calgary, Alberta
Users:	296
Nodes:	10 (0 / 10)
Uptime:	05:15:03
Calls:	2,510
Files:	5,729
D/L today:	40 files (10,433K bytes)
Messages:	464,105

Synchronet Oneliners
- Vintagegeek@rdbbs
  Thu Mar 5 09:15:57 2026
  To the Beach
- Vintagegeek@rdbbs
  Fri Mar 6 17:07:01 2026
  To The LifeBoats
- Vintagegeek@rdbbs
  Sun Mar 8 10:57:24 2026
  Firefly - Serenity
- Kat@rdbbs
  Wed Mar 11 14:52:38 2026
  Hello erryone!
- Jmay@rdbbs
  Fri Mar 13 20:32:57 2026
  Burning the oatmeal
- Tsukaj@rdbbs
  Tue Mar 17 22:27:28 2026
  hell yeah this is so cool