CVE-2015-1344

The do_write_pids function in lxcfs.c in LXCFS before 0.12 does not properly check permissions, which allows local users to gain privileges by writing a pid to the tasks file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
canonicalCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
VendorProductVersion
canonicalubuntu_linux
15.04
canonicalubuntu_linux
15.10
canonicallxcfs
𝑥
≤ 0.11
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
lxcfs
bullseye
4.0.7-1
fixed
bookworm
5.0.3-1+deb12u1
fixed
sid
6.0.2-1
fixed
trixie
6.0.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
lxcfs
wily
Fixed 0.10-0ubuntu2.1
released
vivid
Fixed 0.7-0ubuntu4.1
released
trusty
dne
precise
dne
Common Weakness Enumeration
References
http://www.ubuntu.com/usn/USN-2813-1
https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1512854
https://github.com/lxc/lxcfs/commit/8ee2a503e102b1a43ec4d83113dc275ab20a869a
http://www.ubuntu.com/usn/USN-2813-1
https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1512854
https://github.com/lxc/lxcfs/commit/8ee2a503e102b1a43ec4d83113dc275ab20a869a