Privilege Escalation Vulnerability in Ubuntu Server's LXD Feature
CVE-2023-5536

5MEDIUM

Key Information:

Vendor: Canonical
Status: Ubuntu Server
Vendor: CVE Published:; 12 December 2023

What is CVE-2023-5536?

A feature in LXD on Ubuntu Server allows users in the lxd group to escalate their privileges to root without a sudo password. This misconfiguration could enable malicious actors to gain unauthorized control over the system. It is essential to address this issue promptly to safeguard against potential exploits. Users are encouraged to review their LXD configurations and implement mitigations as outlined in the official documentation.

Affected Version(s)

Ubuntu Server Linux 0 < 24.04

References

https://discourse.ubuntu.com/t/easy-multi-user-lxd-setup/...

mitigation

https://ubuntu.com/security/CVE-2023-5536

issue-tracking

https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1829071

issue-tracking

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2023
Vulnerability Reserved
Oct 11, 2023

Credit

Tobias Jäger

Canonical

What is CVE-2023-5536?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit