Description
lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.
References (7)
Core 7
Core References
Vendor Advisory mailing-list
x_refsource_mlist
https://lists.linuxcontainers.org/pipermail/lxc-devel/2017-March/015535.html
Issue Tracking, Patch x_refsource_confirm
https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96777
Third Party Advisory x_refsource_confirm
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-3224-1
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2017/03/09/4
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html
Scores
CVSS v3
3.3
EPSS
0.0009
EPSS Percentile
25.3%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-862
Status
published
Products (1)
linuxcontainers/lxc
< 1.0.9
Published
Mar 14, 2017
Tracked Since
Feb 18, 2026