The Qualys Threat Research Unit (TRU) has discovered a new vulnerability in the snap-confine function on Linux operating systems (CVE-2022-3328). This is a SUID-root program installed by default on Ubuntu. Qualys recommends applying the patch immediately.
In February 2022, Qualys Threat Research Unit (TRU) published CVE-2021-44731 in the “Lemmings” Advisory. The vulnerability (CVE-2022-3328) originated in February 2022 with the patch for CVE-2021-44731.
Our Threat Research Unit (TRU) exploited the vulnerability in Ubuntu Server by combining it with two vulnerabilities in multipathd called Leeloo Multipath (CVE-2022-41974 and CVE-2022-41973) to obtain full root privileges.
Snap-confine is an internal tool for confining snappy applications used by snapd to construct the execution environment for snap applications.
An unprivileged user can get root access to the affected device by successfully exploiting the three vulnerabilities. On Ubuntu default installations, our security researchers have confirmed the vulnerability, created an exploit, and could gain full root access.
We engaged in responsible vulnerability disclosure and cooperated with vendors and open-source distributions to report this recently found vulnerability as soon as the Qualys Threat Research Unit verified it.
Qualys Detection
Qualys customers can scan their devices with QIDs 377800 and 199054 to detect vulnerable assets.
Continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
Additional Links:
https://ubuntu.com/security/notices/USN-5753-1
https://github.com/snapcore/snapd/releases/tag/2.57.6
https://www.qualys.com/2022/11/30/cve-2022-3328/advisory-snap.txt