Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2022-3328

7.8 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): HIGH
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 10 months, 1 week ago

Race condition in snap-confine's must_mkdir_and_open_with_perms()

Race condition in snap-confine's must_mkdir_and_open_with_perms()

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3328 issue-tracking
https://ubuntu.com/security/notices/USN-5753-1 third-party-advisory
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3328 issue-trackingx_transferred
https://ubuntu.com/security/notices/USN-5753-1 third-party-advisoryx_transferred
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3328 issue-tracking
https://ubuntu.com/security/notices/USN-5753-1 third-party-advisory
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3328 issue-tracking
https://ubuntu.com/security/notices/USN-5753-1 third-party-advisory
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3328 issue-trackingx_transferred
https://ubuntu.com/security/notices/USN-5753-1 third-party-advisoryx_transferred
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3328 issue-tracking
https://ubuntu.com/security/notices/USN-5753-1 third-party-advisory
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3328 issue-trackingx_transferred
https://ubuntu.com/security/notices/USN-5753-1 third-party-advisoryx_transferred

Affected products

snapd

<2.61.1

Matching in nixpkgs

pkgs.snapdragon-profiler

An profiler for Android devices running Snapdragon chips

nixos-unstable 2021.2
- nixpkgs-unstable 2021.2
- nixos-unstable-small 2021.2