CVE-2018-6556

Low

Low Medium High Critical

CVSS Score

Published: Aug 10, 2018

Last Modified: Nov 21, 2024

Vulnerability Description

lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.

Known Affected Software

18 configuration(s) from 4 vendor(s)

ubuntu_linux

Version:

18.04

CPE:

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*

lxc

Version:

2.0.9

CPE:

cpe:2.3:a:linuxcontainers:lxc:2.0.9:*:*:*:*:*:*:*

lxc

Version:

2.0.3

CPE:

cpe:2.3:a:linuxcontainers:lxc:2.0.3:*:*:*:*:*:*:*

lxc

Version:

3.0.1

CPE:

cpe:2.3:a:linuxcontainers:lxc:3.0.1:*:*:*:*:*:*:*

lxc

Version:

2.0.2

CPE:

cpe:2.3:a:linuxcontainers:lxc:2.0.2:*:*:*:*:*:*:*

lxc

Version:

2.0.6

CPE:

cpe:2.3:a:linuxcontainers:lxc:2.0.6:*:*:*:*:*:*:*

lxc

Version:

2.0.7

CPE:

cpe:2.3:a:linuxcontainers:lxc:2.0.7:*:*:*:*:*:*:*

lxc

Version:

2.0.8

CPE:

cpe:2.3:a:linuxcontainers:lxc:2.0.8:*:*:*:*:*:*:*

lxc

Version:

2.0.4

CPE:

cpe:2.3:a:linuxcontainers:lxc:2.0.4:*:*:*:*:*:*:*

lxc

Version:

3.0.0

CPE:

cpe:2.3:a:linuxcontainers:lxc:3.0.0:*:*:*:*:*:*:*

lxc

Version:

2.0.5

CPE:

cpe:2.3:a:linuxcontainers:lxc:2.0.5:*:*:*:*:*:*:*

lxc

Version:

2.0.1

CPE:

cpe:2.3:a:linuxcontainers:lxc:2.0.1:*:*:*:*:*:*:*

lxc

Version:

2.0.0

CPE:

cpe:2.3:a:linuxcontainers:lxc:2.0.0:-:*:*:*:*:*:*

leap

Version:

15.0

CPE:

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

caas_platform

Version:

1.0

CPE:

cpe:2.3:a:suse:caas_platform:1.0:*:*:*:*:*:*:*

suse_linux_enterprise_server

Version:

CPE:

cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:-:*:*

caas_platform

Version:

2.0

CPE:

cpe:2.3:a:suse:caas_platform:2.0:*:*:*:*:*:*:*

openstack_cloud

Version:

CPE:

cpe:2.3:a:suse:openstack_cloud:6:*:*:*:*:*:*:*

This vulnerability affects 18 software configuration(s). Ensure you patch all affected systems.

Available Security Patches

1 patch available from vendors

View All Patches

SUSE

CVE-2022-47952

Severity

Unknown

Released

Jan 03, 2023

Security Update

View Details Vendor Page

Browse All Security Patches

References & Resources

Severity Details

out of 10.0

Low

Weakness Type (CWE)

CWE-417

View CWE Details on MITRE

Key Information

Published Date: August 10, 2018

External Resources

NIST NVD

National Vulnerability Database

MITRE CVE

Official CVE record

CVE Vulnerabilities

Posts & Pages

CVE-2018-6556

Vulnerability Description

Known Affected Software

canonical

linuxcontainers

opensuse

suse

Available Security Patches

CVE-2022-47952

References & Resources

Severity Details

Weakness Type (CWE)

Key Information

External Resources