Vendor CVEs
Lxc
All CVEs
35 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-8649 | Cri | 0.59 | 9.1 | 0.03 | May 1, 2017 | lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls. | ||
| CVE-2026-33945 | Cri | 0.57 | 9.9 | 0.00 | Mar 27, 2026 | Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to systemd in the guest. For containers, this is handled through a shared directory. Prior to version 6.23.0, an attacker can set a configuration key named something… | ||
| CVE-2026-33898 | Hig | 0.50 | 8.8 | 0.00 | Mar 27, 2026 | Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by `incus webui` incorrectly validates the authentication token such that an invalid value will be accepted. `incus webui` runs a local web server on a random localhost port.… | ||
| CVE-2016-10124 | Hig | 0.49 | 8.6 | 0.02 | Jan 9, 2017 | An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the… | ||
| CVE-2025-52890 | Hig | 0.46 | 8.1 | 0.00 | Jun 25, 2025 | Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus versions 6.12 and 6.13generates nftables rules that partially bypass security options `security.mac_filtering`, `security.ipv4_filtering` and… | ||
| CVE-2026-32606 | Hig | 0.42 | 7.6 | 0.00 | Mar 18, 2026 | IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any… | ||
| CVE-2026-41684 | Med | 0.35 | 6.5 | 0.00 | May 7, 2026 | Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo() trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file if result.Config == nil. As a result, an archive… | ||
| CVE-2026-41647 | Med | 0.35 | 6.5 | 0.00 | May 7, 2026 | Incus is a system container and virtual machine manager. Prior to version 7.0.0, a missing error handling could lead an authenticated Incus user to cause a daemon crash through the import of a truncated storage bucket backup file. This issue has been patched in version 7.0.0. | ||
| CVE-2026-40251 | Med | 0.35 | 6.5 | 0.00 | May 6, 2026 | Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The backup restore subsystem… | ||
| CVE-2026-40197 | Med | 0.35 | 6.5 | 0.00 | May 6, 2026 | Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The custom volume backup… | ||
| CVE-2026-40195 | Med | 0.35 | 6.5 | 0.00 | May 6, 2026 | Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage bucket feature to cause the Incus daemon to crash. The vulnerability is present… | ||
| CVE-2026-39402 | Med | 0.35 | 6.5 | 0.00 | May 5, 2026 | lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw in the find_line() function that allows an unprivileged user to delete OVS-attached network interfaces belonging to other users. When lxc-user-nic delete scans its NIC… | ||
| CVE-2026-41648 | Med | 0.26 | 5.0 | 0.00 | May 7, 2026 | Incus is a system container and virtual machine manager. Prior to version 7.0.0, user provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This was making it easy for an authenticated user to provide a crafted image or backup… | ||
| CVE-2026-35527 | Med | 0.26 | 5.0 | 0.00 | May 5, 2026 | Incus is an open source container and virtual machine manager. In versions prior to 7.0.0, the image import flow issues an outbound HEAD request to a user-supplied URL before validating the request against project restrictions such as restricted.images.servers. The… | ||
| CVE-2026-40243 | Med | 0.24 | 4.8 | 0.00 | May 6, 2026 | Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow connections to an attacker's OVN database. The OVN client implementations disable Go standard TLS server verification and… | ||
| CVE-2026-41685 | Med | 0.21 | 4.3 | 0.00 | May 7, 2026 | Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The impact here is limited for anyone using… | ||
| CVE-2018-6556 | Low | 0.21 | 3.3 | 0.00 | Aug 10, 2018 | lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side… | ||
| CVE-2017-5985 | Low | 0.21 | 3.3 | 0.00 | Mar 14, 2017 | lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check. | ||
| CVE-2025-52889 | Low | 0.15 | 3.4 | 0.00 | Jun 25, 2025 | Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus version 6.12 and 6.13 generates nftables rules for local services (DHCP, DNS...) that partially bypass security options `security.mac_filtering`,… | ||
| CVE-2026-33897 | 0.00 | — | 0.00 | Mar 26, 2026 | Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the… | |||
| CVE-2026-33743 | 0.00 | — | 0.00 | Mar 26, 2026 | Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by an user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server… | |||
| CVE-2026-33711 | 0.00 | — | 0.00 | Mar 26, 2026 | Incus is a system container and virtual machine manager. Incus provides an API to retrieve VM screenshots. That API relies on the use of a temporary file for QEMU to write the screenshot to which is then picked up and sent to the user prior to deletion. As versions prior to… | |||
| CVE-2026-33542 | 0.00 | — | 0.00 | Mar 26, 2026 | Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under very narrow circumstances exposes other tenants to… | |||
| CVE-2026-23954 | 0.00 | — | 0.01 | Jan 22, 2026 | Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g a member of the ‘incus’ group) to use directory traversal or symbolic links in the templating functionality to… | |||
| CVE-2026-23953 | 0.00 | — | 0.00 | Jan 22, 2026 | Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration (e.g a member of the ‘incus’ group) can create an environment variable containing newlines, which can be used… | |||
| CVE-2025-64507 | 0.00 | — | 0.00 | Nov 10, 2025 | Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the `security.shifted`… | |||
| CVE-2022-47952 | 0.00 | — | 0.01 | Jan 1, 2023 | lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace… | |||
| CVE-2017-18641 | 0.00 | — | 0.01 | Feb 10, 2020 | In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers. | |||
| CVE-2015-1344 | 0.00 | — | 0.00 | Dec 7, 2015 | The do_write_pids function in lxcfs.c in LXCFS before 0.12 does not properly check permissions, which allows local users to gain privileges by writing a pid to the tasks file. | |||
| CVE-2015-1342 | 0.00 | — | 0.00 | Dec 7, 2015 | LXCFS before 0.12 does not properly enforce directory escapes, which might allow local users to gain privileges by (1) querying or (2) updating a cgroup. | |||
| CVE-2015-1335 | 0.00 | — | 0.00 | Oct 1, 2015 | lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source. | |||
| CVE-2015-1334 | 0.00 | — | 0.00 | Aug 12, 2015 | attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label. | |||
| CVE-2015-1331 | 0.00 | — | 0.00 | Aug 12, 2015 | lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*. | |||
| CVE-2014-1425 | 0.00 | — | 0.00 | Jan 7, 2015 | cmanager 0.32 does not properly enforce nesting when modifying cgroup properties, which allows local users to set cgroup values for all cgroups via unspecified vectors. | |||
| CVE-2013-6441 | 0.00 | — | 0.01 | Feb 14, 2014 | The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file. |
- risk 0.59cvss 9.1epss 0.03
lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls.
- risk 0.57cvss 9.9epss 0.00
Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to systemd in the guest. For containers, this is handled through a shared directory. Prior to version 6.23.0, an attacker can set a configuration key named something…
- risk 0.50cvss 8.8epss 0.00
Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by `incus webui` incorrectly validates the authentication token such that an invalid value will be accepted. `incus webui` runs a local web server on a random localhost port.…
- risk 0.49cvss 8.6epss 0.02
An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the…
- risk 0.46cvss 8.1epss 0.00
Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus versions 6.12 and 6.13generates nftables rules that partially bypass security options `security.mac_filtering`, `security.ipv4_filtering` and…
- risk 0.42cvss 7.6epss 0.00
IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any…
- risk 0.35cvss 6.5epss 0.00
Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo() trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file if result.Config == nil. As a result, an archive…
- risk 0.35cvss 6.5epss 0.00
Incus is a system container and virtual machine manager. Prior to version 7.0.0, a missing error handling could lead an authenticated Incus user to cause a daemon crash through the import of a truncated storage bucket backup file. This issue has been patched in version 7.0.0.
- risk 0.35cvss 6.5epss 0.00
Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The backup restore subsystem…
- risk 0.35cvss 6.5epss 0.00
Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The custom volume backup…
- risk 0.35cvss 6.5epss 0.00
Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage bucket feature to cause the Incus daemon to crash. The vulnerability is present…
- risk 0.35cvss 6.5epss 0.00
lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw in the find_line() function that allows an unprivileged user to delete OVS-attached network interfaces belonging to other users. When lxc-user-nic delete scans its NIC…
- risk 0.26cvss 5.0epss 0.00
Incus is a system container and virtual machine manager. Prior to version 7.0.0, user provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This was making it easy for an authenticated user to provide a crafted image or backup…
- risk 0.26cvss 5.0epss 0.00
Incus is an open source container and virtual machine manager. In versions prior to 7.0.0, the image import flow issues an outbound HEAD request to a user-supplied URL before validating the request against project restrictions such as restricted.images.servers. The…
- risk 0.24cvss 4.8epss 0.00
Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow connections to an attacker's OVN database. The OVN client implementations disable Go standard TLS server verification and…
- risk 0.21cvss 4.3epss 0.00
Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The impact here is limited for anyone using…
- risk 0.21cvss 3.3epss 0.00
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side…
- risk 0.21cvss 3.3epss 0.00
lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.
- risk 0.15cvss 3.4epss 0.00
Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus version 6.12 and 6.13 generates nftables rules for local services (DHCP, DNS...) that partially bypass security options `security.mac_filtering`,…
- CVE-2026-33897Mar 26, 2026risk 0.00cvss —epss 0.00
Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the…
- CVE-2026-33743Mar 26, 2026risk 0.00cvss —epss 0.00
Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by an user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server…
- CVE-2026-33711Mar 26, 2026risk 0.00cvss —epss 0.00
Incus is a system container and virtual machine manager. Incus provides an API to retrieve VM screenshots. That API relies on the use of a temporary file for QEMU to write the screenshot to which is then picked up and sent to the user prior to deletion. As versions prior to…
- CVE-2026-33542Mar 26, 2026risk 0.00cvss —epss 0.00
Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under very narrow circumstances exposes other tenants to…
- CVE-2026-23954Jan 22, 2026risk 0.00cvss —epss 0.01
Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g a member of the ‘incus’ group) to use directory traversal or symbolic links in the templating functionality to…
- CVE-2026-23953Jan 22, 2026risk 0.00cvss —epss 0.00
Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration (e.g a member of the ‘incus’ group) can create an environment variable containing newlines, which can be used…
- CVE-2025-64507Nov 10, 2025risk 0.00cvss —epss 0.00
Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the `security.shifted`…
- CVE-2022-47952Jan 1, 2023risk 0.00cvss —epss 0.01
lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace…
- CVE-2017-18641Feb 10, 2020risk 0.00cvss —epss 0.01
In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.
- CVE-2015-1344Dec 7, 2015risk 0.00cvss —epss 0.00
The do_write_pids function in lxcfs.c in LXCFS before 0.12 does not properly check permissions, which allows local users to gain privileges by writing a pid to the tasks file.
- CVE-2015-1342Dec 7, 2015risk 0.00cvss —epss 0.00
LXCFS before 0.12 does not properly enforce directory escapes, which might allow local users to gain privileges by (1) querying or (2) updating a cgroup.
- CVE-2015-1335Oct 1, 2015risk 0.00cvss —epss 0.00
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.
- CVE-2015-1334Aug 12, 2015risk 0.00cvss —epss 0.00
attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label.
- CVE-2015-1331Aug 12, 2015risk 0.00cvss —epss 0.00
lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.
- CVE-2014-1425Jan 7, 2015risk 0.00cvss —epss 0.00
cmanager 0.32 does not properly enforce nesting when modifying cgroup properties, which allows local users to set cgroup values for all cgroups via unspecified vectors.
- CVE-2013-6441Feb 14, 2014risk 0.00cvss —epss 0.01
The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file.