CVE-2016-1582

MEDIUM

LXD <2.0.2 - Privilege Escalation

Title source: llm

Description

LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors.

References (2)

[Vendor Advisory] http://www.ubuntu.com/usn/USN-2988-1

[Vendor Advisory] https://linuxcontainers.org/lxd/news/

Scores

CVSS v3 5.5

EPSS 0.0004

EPSS Percentile 12.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status draft

Affected Products (3)

canonical/ubuntu_linux

canonical/lxd

Timeline

Published Jun 09, 2016

Tracked Since Feb 18, 2026