Description
LXCFS before 0.12 does not properly enforce directory escapes, which might allow local users to gain privileges by (1) querying or (2) updating a cgroup.
References (3)
Core 3
Core References
Exploit x_refsource_confirm
https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1508481
Patch x_refsource_confirm
https://github.com/lxc/lxcfs/commit/a8b6c3e0537e90fba3c55910fd1b7229d54a60a7
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2813-1
Scores
EPSS
0.0006
EPSS Percentile
17.1%
Details
CWE
CWE-264
Status
published
Products (3)
canonical/lxcfs
< 0.11
canonical/ubuntu_linux
15.04
canonical/ubuntu_linux
15.10
Published
Dec 07, 2015
Tracked Since
Feb 18, 2026