CVE-2022-3328
HIGHsnapd < 2.61.1 - Race Condition in must_mkdir_and_open_with_perms
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2022-3328. PoCs published by Mr-xn.
AI-analyzed exploit summary This repository references CVE-2022-3328, a race condition vulnerability in snap-confine's must_mkdir_and_open_with_perms function, as documented by Qualys. It provides links to advisory and technical analysis but lacks actual exploit code.
Description
Race condition in snap-confine's must_mkdir_and_open_with_perms()
Exploits (1)
nomisec
WRITEUP
4 stars
by Mr-xn · poc
https://github.com/Mr-xn/CVE-2022-3328
This repository references CVE-2022-3328, a race condition vulnerability in snap-confine's must_mkdir_and_open_with_perms function, as documented by Qualys. It provides links to advisory and technical analysis but lacks actual exploit code.
Classification
Writeup 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Racy
Target:
snapd (snap-confine)
No auth needed
Prerequisites:
Local access to a vulnerable system · Race condition timing control
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026
Full analysis →
References (2)
Core 2
Core References
Third Party Advisory issue-tracking
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3328
Vendor Advisory third-party-advisory
https://ubuntu.com/security/notices/USN-5753-1
Scores
CVSS v3
7.8
EPSS
0.0006
EPSS Percentile
19.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-362
Status
published
Products (7)
canonical/snapd
< 2.61.1
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
18.04
canonical/ubuntu_linux
20.04
canonical/ubuntu_linux
22.04
canonical/ubuntu_linux
22.10
snapcore/snapd
0 - 2.57.6Go
Published
Jan 08, 2024
Tracked Since
Feb 18, 2026