CVE-2018-6556

Published: 06 August 2018

lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.

Priority

Medium

CVSS 3 base score: 3.3

Status

Package Release Status
lxc
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver)
Released (3.0.1-0ubuntu1~18.04.2)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(2.0.8-0ubuntu1~16.04.2)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(1.0.10-0ubuntu1.1)