CVE-2015-1342

EUVD-2015-1481
LXCFS before 0.12 does not properly enforce directory escapes, which might allow local users to gain privileges by (1) querying or (2) updating a cgroup.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Affected Products (NVD)
VendorProductVersion
canonicalubuntu_linux
15.04
canonicalubuntu_linux
15.10
canonicallxcfs
𝑥
≤ 0.11
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
lxcfs
bookworm
5.0.3-1+deb12u1
fixed
bullseye
4.0.7-1
fixed
sid
6.0.2-1
fixed
trixie
6.0.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
lxcfs
precise
dne
trusty
dne
vivid
Fixed 0.7-0ubuntu4.1
released
wily
Fixed 0.10-0ubuntu2.1
released
Common Weakness Enumeration
References
http://www.ubuntu.com/usn/USN-2813-1
https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1508481
https://github.com/lxc/lxcfs/commit/a8b6c3e0537e90fba3c55910fd1b7229d54a60a7
http://www.ubuntu.com/usn/USN-2813-1
https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1508481
https://github.com/lxc/lxcfs/commit/a8b6c3e0537e90fba3c55910fd1b7229d54a60a7