CVE-2023-5536
MEDIUMUbuntu Linux < 24.04 - Privilege Escalation via LXD Group Default Configuration
Title source: llmDescription
A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.
References (4)
Core 4
Core References
Vendor Advisory mitigation
https://discourse.ubuntu.com/t/easy-multi-user-lxd-setup/26215/4
Vendor Advisory issue-tracking
https://ubuntu.com/security/CVE-2023-5536
Issue Tracking, Vendor Advisory issue-tracking
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1829071
Third Party Advisory issue-tracking
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5536
Scores
CVSS v3
5.0
EPSS
0.0004
EPSS Percentile
12.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
Details
CWE
CWE-276
Status
published
Products (1)
canonical/ubuntu_linux
< 24.04
Published
Dec 12, 2023
Tracked Since
Feb 18, 2026