Fabre

#1131120 snapd: CVE-2026-3888 #1131120

Package:: src:snapd

Source:: src:snapd

Submitter:: Salvatore Bonaccorso

Date:: 2026-03-17 20:27:02 UTC

Severity:: normal

Tags:

#1131120#5

Date:: 2026-03-17 20:25:06 UTC

From:

To:

Hi,

The following vulnerability was published for snapd.

CVE-2026-3888[0]:
| Local privilege escalation in snapd on Linux allows local attackers
| to get root privilege by re-creating snap's private /tmp directory
| when systemd-tmpfiles is configured to automatically clean up this
| directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04
| LTS, 22.04 LTS, and 24.04 LTS.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-3888
https://www.cve.org/CVERecord?id=CVE-2026-3888
[1] https://www.openwall.com/lists/oss-security/2026/03/17/8

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

#1131120 snapd: CVE-2026-3888 #1131120

Just Reply to ...

Reply to submitter ...

Send control command (Silently)

Set Architecture Tags (Silently)