VYPR

rpm package

opensuse/lxc&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/lxc&distro=openSUSE%20Tumbleweed

Vulnerabilities (9)

  • CVE-2026-39402MedMay 5, 2026
    affected < 7.0.0-1.1fixed 7.0.0-1.1

    lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw in the find_line() function that allows an unprivileged user to delete OVS-attached network interfaces belonging to other users. When lxc-user-nic delete scans its NIC datab

  • CVE-2022-47952Jan 1, 2023
    affected < 5.0.2-1.1fixed 5.0.2-1.1

    lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path

  • CVE-2019-5736Feb 11, 2019
    affected < 4.0.9-1.1fixed 4.0.9-1.1

    runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new conta

  • CVE-2018-6556LowAug 10, 2018
    affected < 4.0.9-1.1fixed 4.0.9-1.1

    lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effect

  • CVE-2016-8649CriMay 1, 2017
    affected < 2.0.4-2.1fixed 2.0.4-2.1

    lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls.

  • CVE-2017-5985LowMar 14, 2017
    affected < 4.0.9-1.1fixed 4.0.9-1.1

    lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.

  • CVE-2015-1335Oct 1, 2015
    affected < 2.0.4-2.1fixed 2.0.4-2.1

    lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.

  • CVE-2015-1334Aug 12, 2015
    affected < 2.0.4-2.1fixed 2.0.4-2.1

    attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label.

  • CVE-2015-1331Aug 12, 2015
    affected < 2.0.4-2.1fixed 2.0.4-2.1

    lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.

VYPR — Vulnerability Intelligence