High severity8.6NVD Advisory· Published Jan 9, 2017· Updated May 6, 2026

CVE-2016-10124

Description

An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container.

Affected products

Linuxcontainers/Lxc
cpe:2.3:a:linuxcontainers:lxc:*:rc1:*:*:*:*:*:*
Range: <=2.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6nvdIssue TrackingPatchThird Party Advisory
www.openwall.com/lists/oss-security/2014/12/15/5nvd
www.openwall.com/lists/oss-security/2015/09/03/5nvd
www.securityfocus.com/bid/95404nvd
security.gentoo.org/glsa/201711-09nvd

News mentions

No linked articles in our index yet.

cvss	0.559
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000