Privilege Escalation Vulnerability in Ubuntu Server's LXD Feature
CVE-2023-5536

5MEDIUM

Key Information:

Vendor

Canonical

Status
Ubuntu Server
Vendor
CVE Published:
12 December 2023

What is CVE-2023-5536?

A feature in LXD on Ubuntu Server allows users in the lxd group to escalate their privileges to root without a sudo password. This misconfiguration could enable malicious actors to gain unauthorized control over the system. It is essential to address this issue promptly to safeguard against potential exploits. Users are encouraged to review their LXD configurations and implement mitigations as outlined in the official documentation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Ubuntu Server Linux 0 < 24.04

References

https://discourse.ubuntu.com/t/easy-multi-user-lxd-setup/...
mitigation
https://ubuntu.com/security/CVE-2023-5536
issue-tracking
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1829071
issue-tracking

CVSS V3.1

Score:
5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tobias Jäger
JSON
.