Linuxcontainers Lxc

12 matches found

added 2019/02/11 12:0 a.m., 777 views

CVE-2019-5736

CVE-2019-5736 affects runc as shipped in Docker before 18.09.2 and other products, enabling a container to overwrite the host runc binary via /proc/self/exe and gain host root. Root cause: file-descriptor mishandling in runc leading to command execution as root inside a container. Affected versio...

CVSS 9.3, AI score 8.8, EPSS 0.9857
In wild, Web

added 2018/08/10 3:0 p.m., 308 views

CVE-2018-6556

CVE-2018-6556 affects lxc-user-nic where, when asked to delete a network interface, the code unconditionally opens a user-supplied path. This can let an unprivileged user infer the existence of a path they should not reach and may trigger side effects by opening (read-only) kernel files such as /...

CVSS 3.3, AI score 3.9, EPSS 0.00347

added 2015/10/01 8:0 p.m., 159 views

CVE-2015-1335

CVE-2015-1335 affects LXC (lxc-start) before 1.0.8 and 1.1.x before 1.1.4, enabling a local container administrator to escape AppArmor confinement via a symlink attack on a mount target or bind mount source. The connected documents corroborate a container breakout/unsafe mounting scenario and sho...

CVSS 7.2, AI score 8, EPSS 0.00459

added 2017/03/14 5:0 p.m., 155 views

CVE-2017-5985

CVE-2017-5985 affects LXC’s lxc-user-nic component, where missing netns ownership checks let a local user with a lxc-usernet allocation create host interfaces and pick their names. The issue is documented across multiple vendors and advisories (openSUSE, Mageia, Arch Linux) with fixes in updated ...

CVSS 3.3, AI score 3.7, EPSS 0.00337

added 2015/08/12 2:0 p.m., 149 views

CVE-2015-1331

CVE-2015-1331 affects LXC prior to 1.1.2 (lxclock.c) and enables local users to create arbitrary files via a symlink attack on /run/lock/lxc/*. The connected records indicate the issue was addressed in later LXC updates (e.g., openSUSE security advisory openSUSE-2019-1481) which references upgrad...

CVSS 4.9, AI score 7.9, EPSS 0.00459

added 2015/08/12 2:0 p.m., 143 views

CVE-2015-1334

CVE-2015-1334 affects LXC 1.1.2 and earlier. The issue arises in attach.c where a container uses the proc filesystem; a local attacker can mount a /proc with a crafted AppArmor profile or SELinux label to escape confinement. This enables potential bypass of AppArmor/SELinux restrictions by local ...

CVSS 4.6, AI score 8, EPSS 0.0037

added 2023/01/01 12:0 a.m., 123 views

CVE-2022-47952

CVE-2022-47952 affects lxc-user-nic (lxc up to 5.0.1), which is installed setuid root and lets local users infer file existence by analyzing open() failure messages. Connected advisories (Debian DLA-3533; openSUSE openSUSE-SU-2024:0342-1; EulerOS advisories) confirm the vulnerability in multiple distributio...

CVSS 3.3, AI score 3.5, EPSS 0.00702

added 2020/02/10 12:30 a.m., 116 views

CVE-2017-18641

CVE-2017-18641 affects LXC 2.0: template scripts fetch code over cleartext HTTP and skip a digital-signature check before bootstrapping containers. Root cause is lack of integrity/authenticity verification during bootstrapping. The connected Red Hat and Ubuntu entries corroborate the same descrip...

CVSS 9.3, AI score 8, EPSS 0.01316

added 2014/02/14 3:0 p.m., 63 views

CVE-2013-6441

CVE-2013-6441 affects the LXC template lxc-sshd (templates/lxc-sshd.in) in LXC prior to 1.0.0.beta2, where /sbin/init was mounted with writable permissions. This allowed local users to modify the init file and gain privileges. The issue is rooted in a writable bind-mount of /sbin/init inside the ...

CVSS 7.2, AI score 6.2, EPSS 0.00498

added 2017/05/01 6:8 a.m., 57 views

CVE-2016-8649

CVE-2016-8649 affects lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6, allowing an unprivileged container to escape to the host filesystem via an inherited host /proc fd. Underlying issue is a guest escape vulnerability via ptrace of lxc-attach. Affected ver...

CVSS 9.1, AI score 8.9, EPSS 0.02813

added 2017/01/09 8:48 a.m., 52 views

CVE-2016-10124

CVE-2016-10124 affects Linux Containers (LXC) prior to 2016-02-22. When executing a program via lxc-attach, a non-privileged session can escape to the parent session by abusing the TIOCSTI ioctl to push characters into the terminal input buffer, enabling the attacker to escape the container. Mult...

CVSS 8.6, AI score 8.3, EPSS 0.01531

added 2026/05/05 8:45 p.m., 15 views

CVE-2026-39402

Summary: CVE-2026-39402 affects the LXC user network helper (lxc-user-nic) in multi-tenant setups using Open vSwitch bridges. The delete path in the setuid helper contains a logic flaw in find_line() that can authorize deletion based on a name match even when ownership/type/link fields belong to ...

CVSS 6.5, AI score 5.8, EPSS 0.00162