UBUNTU-CVE-2020-8933

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2020-8933

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-8933.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-8933

Related

CVE-2020-8933

Published

2020-06-22T14:15:00Z

Modified

2024-12-18T16:39:42Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using the membership to the "lxd" group, an attacker can attach host devices and filesystems. Within an lxc container, it is possible to attach the host OS filesystem and modify /etc/sudoers to then gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "lxd" user from the OS Login entry.

References

Affected packages

Ubuntu:Pro:14.04:LTS / gce-compute-image-packages

Package

Name: gce-compute-image-packages
Purl: pkg:deb/ubuntu/gce-compute-image-packages?arch=src?distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

20160930-0ubuntu3~14.*

20160930-0ubuntu3~14.04.0

20160930-0ubuntu3~14.04.1

20160930-0ubuntu3~14.04.2

20160930-0ubuntu6~14.*

20160930-0ubuntu6~14.04.0

20170426-0ubuntu2~14.*

20170426-0ubuntu2~14.04.0

20170523-0ubuntu1~14.*

20170523-0ubuntu1~14.04.0

20170622-0ubuntu1~14.*

20170622-0ubuntu1~14.04.0

20170718-0ubuntu1~14.*

20170718-0ubuntu1~14.04.0

20171019+dfsg1-0ubuntu1~14.*

20171019+dfsg1-0ubuntu1~14.04.0

20171025+dfsg1-0ubuntu1~14.*

20171025+dfsg1-0ubuntu1~14.04.0

20171129+dfsg1-0ubuntu1~14.*

20171129+dfsg1-0ubuntu1~14.04.0

20180129+dfsg1-0ubuntu1~14.*

20180129+dfsg1-0ubuntu1~14.04.0

20180510+dfsg1-0ubuntu3~14.*

20180510+dfsg1-0ubuntu3~14.04.3

20180905+dfsg1-0ubuntu1~14.*

20180905+dfsg1-0ubuntu1~14.04.0

20180905+dfsg1-0ubuntu1~14.04.1

20190124+dfsg1-0ubuntu1~14.*

20190124+dfsg1-0ubuntu1~14.04.0

20190315-0ubuntu1~14.*

20190315-0ubuntu1~14.04.0

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:16.04:LTS / gce-compute-image-packages

Package

Name: gce-compute-image-packages
Purl: pkg:deb/ubuntu/gce-compute-image-packages?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20190801-0ubuntu1~16.04.1

Affected versions

20160930-0ubuntu3~16.*

20160930-0ubuntu3~16.04.0

20160930-0ubuntu5~16.*

20160930-0ubuntu5~16.04.0

20160930-0ubuntu6~16.*

20160930-0ubuntu6~16.04.0

20170426-0ubuntu2~16.*

20170426-0ubuntu2~16.04.0

20170523-0ubuntu1~16.*

20170523-0ubuntu1~16.04.0

20170622-0ubuntu1~16.*

20170622-0ubuntu1~16.04.0

20170718-0ubuntu1~16.*

20170718-0ubuntu1~16.04.0

20171019+dfsg1-0ubuntu1~16.*

20171019+dfsg1-0ubuntu1~16.04.0

20171025+dfsg1-0ubuntu1~16.*

20171025+dfsg1-0ubuntu1~16.04.0

20171129+dfsg1-0ubuntu1~16.*

20171129+dfsg1-0ubuntu1~16.04.0

20180129+dfsg1-0ubuntu1~16.*

20180129+dfsg1-0ubuntu1~16.04.0

20180510+dfsg1-0ubuntu3~16.*

20180510+dfsg1-0ubuntu3~16.04.0

20180510+dfsg1-0ubuntu3~16.04.1

20180905+dfsg1-0ubuntu1~16.*

20180905+dfsg1-0ubuntu1~16.04.0

20180905+dfsg1-0ubuntu1~16.04.1

20190124+dfsg1-0ubuntu1~16.*

20190124+dfsg1-0ubuntu1~16.04.0

20190522-0ubuntu1~16.*

20190522-0ubuntu1~16.04.0

20190801-0ubuntu1~16.*

20190801-0ubuntu1~16.04.0

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "20190801-0ubuntu1~16.04.1",
            "binary_name": "gce-compute-image-packages"
        },
        {
            "binary_version": "20190801-0ubuntu1~16.04.1",
            "binary_name": "google-compute-engine-oslogin"
        },
        {
            "binary_version": "20190801-0ubuntu1~16.04.1",
            "binary_name": "google-compute-engine-oslogin-dbgsym"
        },
        {
            "binary_version": "20190801-0ubuntu1~16.04.1",
            "binary_name": "python-google-compute-engine"
        },
        {
            "binary_version": "20190801-0ubuntu1~16.04.1",
            "binary_name": "python3-google-compute-engine"
        }
    ]
}

Ubuntu:18.04:LTS / gce-compute-image-packages

Package

Name: gce-compute-image-packages
Purl: pkg:deb/ubuntu/gce-compute-image-packages?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20190801-0ubuntu1~18.04.1

Affected versions

Other

20171006+dfsg1-0ubuntu1

20171019+dfsg1-0ubuntu1

20171025+dfsg1-0ubuntu1

20171129+dfsg1-0ubuntu1

20180129+dfsg1-0ubuntu1

20180129+dfsg1-0ubuntu2

20180129+dfsg1-0ubuntu3

20180510+dfsg1-0ubuntu4~18.*

20180510+dfsg1-0ubuntu4~18.04.0

20180510+dfsg1-0ubuntu4~18.04.1

20180905+dfsg1-0ubuntu1~18.*

20180905+dfsg1-0ubuntu1~18.04.0

20190124+dfsg1-0ubuntu1~18.*

20190124+dfsg1-0ubuntu1~18.04.0

20190522-0ubuntu1~18.*

20190522-0ubuntu1~18.04.0

20190801-0ubuntu1~18.*

20190801-0ubuntu1~18.04.0

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "20190801-0ubuntu1~18.04.1",
            "binary_name": "gce-compute-image-packages"
        },
        {
            "binary_version": "20190801-0ubuntu1~18.04.1",
            "binary_name": "google-compute-engine-oslogin"
        },
        {
            "binary_version": "20190801-0ubuntu1~18.04.1",
            "binary_name": "google-compute-engine-oslogin-dbgsym"
        },
        {
            "binary_version": "20190801-0ubuntu1~18.04.1",
            "binary_name": "python-google-compute-engine"
        },
        {
            "binary_version": "20190801-0ubuntu1~18.04.1",
            "binary_name": "python3-google-compute-engine"
        }
    ]
}

Ubuntu:20.04:LTS / gce-compute-image-packages

Package

Name: gce-compute-image-packages
Purl: pkg:deb/ubuntu/gce-compute-image-packages?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20190801-0ubuntu4.1

Affected versions

Other

20190801-0ubuntu1

20190801-0ubuntu2

20190801-0ubuntu3

20190801-0ubuntu4

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "20190801-0ubuntu4.1",
            "binary_name": "gce-compute-image-packages"
        },
        {
            "binary_version": "20190801-0ubuntu4.1",
            "binary_name": "google-compute-engine-oslogin"
        },
        {
            "binary_version": "20190801-0ubuntu4.1",
            "binary_name": "google-compute-engine-oslogin-dbgsym"
        },
        {
            "binary_version": "20190801-0ubuntu4.1",
            "binary_name": "python3-google-compute-engine"
        }
    ]
}