Nixpkgs security tracker

Untriaged

Permalink CVE-2026-3888

7.8 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): HIGH
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 1 month ago

Local Privilege Escalation in snapd

Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.

References

https://ubuntu.com/security/CVE-2026-3888 issue-trackingvdb-entry
https://ubuntu.com/security/notices/USN-8102-1 vendor-advisory
https://discourse.ubuntu.com/t/snapd-local-privilege-escalation-cve-2026-3888 vendor-advisorytechnical-description
https://blog.qualys.com/vulnerabilities-threat-research/2026/03/17/cve-2026-388… media-coveragetechnical-description
https://cdn2.qualys.com/advisory/2026/03/17/snap-confine-systemd-tmpfiles.txt media-coveragetechnical-description

Affected products

snapd

<2.75.1
*

Matching in nixpkgs

pkgs.snapdragon-profiler

An profiler for Android devices running Snapdragon chips

nixos-unstable 2021.2
- nixpkgs-unstable 2021.2
- nixos-unstable-small 2021.2
nixos-25.11 2021.2
- nixos-25.11-small 2021.2
- nixpkgs-25.11-darwin 2021.2

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.snapdragon-profiler