A crucial vulnerability, recognized as CVE-2026-3888, has been found in Ubuntu Desktop variations 24.04 and later, permitting native attackers to realize root privileges. The flaw, with a CVSS rating of seven.8, exploits a timing challenge throughout the systemd cleanup course of, enabling an unprivileged consumer to escalate their entry to the very best degree of system management, based on a latest report by Safety Affairs.The vulnerability arises from the interplay between snap-confine, which manages safe utility environments, and systemd-tmpfiles, chargeable for eradicating momentary information. Attackers can exploit a 10- to 30-day cleanup window. Throughout this era, after a crucial listing utilized by snap-confine is deleted by systemd-tmpfiles, an attacker can recreate it with malicious information.When snap-confine subsequently initializes a sandbox, it inadvertently mounts these malicious information as root, resulting in arbitrary code execution and full system compromise. This assault requires native entry and exact timing however impacts confidentiality, integrity, and availability.Supply: Safety Affairs
- Advertisement -
