CVE-2023-5536

Description

A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Affected products

Canonical / Ubuntu Server0 – 24.04

References

VENDOR_ADVISORYhttps://discourse.ubuntu.com/t/easy-multi-user-lxd-setup/26215/4
VENDOR_ADVISORYhttps://ubuntu.com/security/CVE-2023-5536
MISChttps://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1829071
CONFIRMhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5536