CVE-2023-5536

Summary

A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.

Affected Software

VendorProductVersion RangeStatus
CanonicalUbuntu Server0 < 24.04unaffected

Weaknesses

Workarounds

Remove users from lxd group and configure multi-user LXD mode. https://discourse.ubuntu.com/t/easy-multi-user-lxd-setup/26215/4

ADP Enrichment

CVE Program Container

Additional References

References