Lxc
This hub aggregates every CVE we track for Lxc, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
12
CVEs tracked
1
Critical
5
High
0
In CISA KEV
Severity distribution
HIGH5LOW3MEDIUM3CRITICAL1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
2024-082026-07
Latest CVEs
The 12 most recently published vulnerabilities affecting Lxc.
- CVE-2026-39402lxc lxc-user-nic insufficient ownership validation allows cross-tenant OVS port deletion6.5
- CVE-2022-47952lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indica...3.3
- CVE-2017-18641In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.8.1
- CVE-2019-5736runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to...8.6
- CVE-2018-6556The lxc-user-nic component of LXC allows unprivileged users to open arbitrary files3.3
- CVE-2016-8649lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's...9.1
- CVE-2017-5985lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ...3.3
- CVE-2016-10124An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push...8.6
- CVE-2015-1335lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.7.2
- CVE-2015-1331lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.4.9
- CVE-2015-1334attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted ...4.6
- CVE-2013-6441The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file.7.2
Product normalization is registry-driven with AI assist and human review. How it works