Lucene search

[email protected]CVE-2023-5536

HistoryDec 12, 2023 - 2:15 a.m.

CVE-2023-5536

2023-12-1202:15:09

CWE-276

[email protected]

web.nvd.nist.gov

cve-2023-5536

lxd

privilege escalation

ubuntu server

nvd

6.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.

Affected configurations

NVD

Node

canonicalubuntu_linuxRange<24.04

CPENameOperatorVersion
canonical:ubuntu_linuxcanonical ubuntu linuxlt24.04

CPE	Name	Operator	Version
canonical:ubuntu_linux	canonical ubuntu linux	lt	24.04

CNA Affected

[
  {
    "vendor": "Canonical",
    "product": "Ubuntu Server",
    "platforms": [
      "Linux"
    ],
    "packageName": "Linux",
    "versions": [
      {
        "status": "unaffected",
        "version": "0",
        "lessThan": "24.04",
        "versionType": "semver"
      }
    ]
  }
]

References

bugs.launchpad.net/ubuntu/+source/lxd/+bug/1829071

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5536

discourse.ubuntu.com/t/easy-multi-user-lxd-setup/26215/4

ubuntu.com/security/CVE-2023-5536

6.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-5536

nvd1 cvelist1 ubuntucve1 prion1