CVE-2016-1581

MEDIUM

LXD <2.0.2 - Info Disclosure

Title source: llm

Description

LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors.

References (2)

Scores

CVSS v3 5.5
EPSS 0.0003
EPSS Percentile 9.8%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-284
Status draft

Affected Products (3)

canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/lxd < 2.0.1

Timeline

Published Jun 09, 2016
Tracked Since Feb 18, 2026