Description
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.
References (8)
Core 8
Core References
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/usn/usn-3730-1
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201808-02
Issue Tracking, Patch x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=988348
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html
Scores
CVSS v3
3.3
EPSS
0.0007
EPSS Percentile
20.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-417
Status
published
Products (7)
canonical/ubuntu_linux
18.04
linuxcontainers/lxc
2.0.0 - 2.0.9
opensuse/leap
15.0
suse/caas_platform
1.0
suse/caas_platform
2.0
suse/openstack_cloud
6
suse/suse_linux_enterprise_server
11 sp3 (2 CPE variants)
Published
Aug 10, 2018
Tracked Since
Feb 18, 2026