CVE-2016-1581

MEDIUM

LXD <2.0.2 - Info Disclosure

Title source: llm
STIX 2.1

Description

LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
https://linuxcontainers.org/lxd/news/
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2988-1

Scores

CVSS v3 5.5
EPSS 0.0030
EPSS Percentile 22.0%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-284
Status published
Products (3)
canonical/lxd < 2.0.1
canonical/ubuntu_linux 15.10
canonical/ubuntu_linux 16.04
Published Jun 09, 2016
Tracked Since Feb 18, 2026