CVE-2018-6556

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-6556
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6556.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-6556
Downstream
Related
Published
2018-08-10T15:29:01.297Z
Modified
2026-03-10T14:44:06.212020Z
Severity
  • 3.3 (Low) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.

References

Affected packages

Git / github.com/lxc/lxc

Affected ranges

Type
GIT
Repo
https://github.com/lxc/lxc
Events
Introduced
823765e50bf4df2f2365bd2590768676634919b7
Last affected
5dafcdd9bbc1f224d715540c681d2626cb2d5699
Introduced
5b66b6ee3e3cd2575a4b9b2eb8190b2b05ab4b42
Fixed
56fb4efa7a2f2e45b46177785e1fa62978e3ff34
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
223b1e0c874181883d0f75f9d7e7f80a67f85faf
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
823765e50bf4df2f2365bd2590768676634919b7
Database specific 
{
    "versions": [
        {
            "introduced": "2.0.0"
        },
        {
            "last_affected": "2.0.9"
        },
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "3.0.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0"
        }
    ]
}

Affected versions

lxc-2.*
lxc-2.0.0
lxc-2.0.1
lxc-2.0.2
lxc-2.0.3
lxc-2.0.4
lxc-2.0.5
lxc-2.0.6
lxc-2.0.7
lxc-2.0.8
lxc-2.0.9
lxc-2.1.0
lxc-3.*
lxc-3.0.0
lxc-3.0.0.beta1
lxc-3.0.0.beta2
lxc-3.0.0.beta3
lxc-3.0.0.beta4
lxc-3.0.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6556.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11-sp3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11-sp4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.0"
            }
        ]
    }
]