Linux

• CVE-2026-3888: Snap LPE -- Patch It Now March 18, 2026

  CVE-2026-3888 is a local privilege escalation in Ubuntu's Snap package manager (CVSS 7.8). An unprivileged attacker waits for systemd-tmpfiles to delete /tmp/.snap -- 10-30 days depending on Ubuntu version -- then recreates it with malicious payloads. snap-confine bind-mounts them as root on next sandbox init. Patch is available now.

• An AI Agent Is Now Reviewing Every Linux Kernel Patch March 18, 2026

  Google's Sashiko is an agentic code review system now covering every patch submitted to the Linux kernel mailing list. In testing, it caught 53% of bugs that human reviewers had already missed. Here's how the 9-stage pipeline works and what the template means for other codebases.