Critical severity9.1NVD Advisory· Published May 1, 2017· Updated May 13, 2026

CVE-2016-8649

Description

lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatch
github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165cnvdPatchVendor Advisory
www.securityfocus.com/bid/94498nvdThird Party AdvisoryVDB Entry
bugs.debian.org/cgi-bin/bugreport.cginvdThird Party Advisory
bugs.launchpad.net/ubuntu/+source/lxc/+bug/1639345nvdThird Party Advisory
security-tracker.debian.org/tracker/CVE-2016-8649nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.591
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000