Vulnerability Details CVE-2015-1342
LXCFS before 0.12 does not properly enforce directory escapes, which might allow local users to gain privileges by (1) querying or (2) updating a cgroup.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.5%
CVSS Severity
CVSS v2 Score 4.6
References
- http://www.ubuntu.com/usn/USN-2813-1
- https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1508481
- https://github.com/lxc/lxcfs/commit/a8b6c3e0537e90fba3c55910fd1b7229d54a60a7
- http://www.ubuntu.com/usn/USN-2813-1
- https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1508481
- https://github.com/lxc/lxcfs/commit/a8b6c3e0537e90fba3c55910fd1b7229d54a60a7
Products affected by CVE-2015-1342
-
cpe:2.3:a:canonical:lxcfs:0.11
-
cpe:2.3:o:canonical:ubuntu_linux:15.04
-
cpe:2.3:o:canonical:ubuntu_linux:15.10