Ubuntu Desktop 24.04+ faces a root-access flaw. CVE-2026-3888 abuses temp cleanup timing between snap-confine and ...

Ubuntu Desktop 24.04及更高版本默认安装存在高危安全漏洞CVE-2026-3888，CVSS评分7.8。该漏洞允许本地无特权攻击者通过snap-confine和systemd-tmpfiles组件交互实现完全root权限提升。攻击需要特定时间窗口（10-30天），利用系统清理守护进程删除关键目录/tmp/.snap的时机，攻击者可重建恶意目录并在下次沙盒初始化时执行任意代码。

A vulnerability in the interaction between snapd and systemd under Ubuntu allows attackers to gain root access.

CVE-2026-3888 is a high-severity Local Privilege Escalation (LPE) vulnerability that allows unprivileged users to gain full root access on default installations of Ubuntu 24.04 LTS and later.

A newly identified local privilege escalation (LPE) vulnerability has been discovered affecting default installations of ...

Two vulnerabilities in the Ubuntu implementation of a popular container-based file system allow attackers to execute code with root privileges on 40% of Ubuntu Linux cloud workloads, researchers have ...

On October 12, 2023, Canonical will be releasing Ubuntu 23.10. This new version of Ubuntu Linux is already looking good. One new security feature, however, hasn't gotten much attention: Restricted ...