CVE-2023-5536
5
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
Summary
A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Canonical | Ubuntu Server | 0 < 24.04 | unaffected |
Weaknesses
Workarounds
Remove users from lxd group and configure multi-user LXD mode. https://discourse.ubuntu.com/t/easy-multi-user-lxd-setup/26215/4
ADP Enrichment
CVE Program Container
Additional References
- https://discourse.ubuntu.com/t/easy-multi-user-lxd-setup/26215/4
- https://ubuntu.com/security/CVE-2023-5536
- https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1829071
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5536
References
- https://discourse.ubuntu.com/t/easy-multi-user-lxd-setup/26215/4
- https://ubuntu.com/security/CVE-2023-5536
- https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1829071
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5536
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.