{"id":"CVE-2018-6556","details":"lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.","modified":"2026-04-10T04:12:46.660206Z","published":"2018-08-10T15:29:01.297Z","related":["openSUSE-SU-2019:1227-1","openSUSE-SU-2019:1230-1","openSUSE-SU-2019:1275-1","openSUSE-SU-2024:11030-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201808-02"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/usn/usn-3730-1"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html"},{"type":"REPORT","url":"https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591"},{"type":"FIX","url":"https://bugzilla.suse.com/show_bug.cgi?id=988348"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/lxc/lxc","events":[{"introduced":"823765e50bf4df2f2365bd2590768676634919b7"},{"last_affected":"5dafcdd9bbc1f224d715540c681d2626cb2d5699"},{"introduced":"5b66b6ee3e3cd2575a4b9b2eb8190b2b05ab4b42"},{"fixed":"56fb4efa7a2f2e45b46177785e1fa62978e3ff34"},{"introduced":"0"},{"last_affected":"223b1e0c874181883d0f75f9d7e7f80a67f85faf"},{"introduced":"0"},{"last_affected":"823765e50bf4df2f2365bd2590768676634919b7"}],"database_specific":{"versions":[{"introduced":"2.0.0"},{"last_affected":"2.0.9"},{"introduced":"3.0.0"},{"fixed":"3.0.2"},{"introduced":"0"},{"last_affected":"1.0"},{"introduced":"0"},{"last_affected":"2.0"}]}}],"versions":["lxc-0.6.5","lxc-0.7.0","lxc-0.7.1","lxc-0.7.2","lxc-0.7.3","lxc-0.7.4","lxc-0.7.4-rc1","lxc-0.7.5","lxc-0.8.0","lxc-0.8.0-rc2","lxc-0.9.0","lxc-0.9.0.alpha1","lxc-0.9.0.alpha2","lxc-0.9.0.alpha3","lxc-0.9.0.rc1","lxc-1.0.0","lxc-1.0.0.alpha1","lxc-1.0.0.alpha2","lxc-1.0.0.alpha3","lxc-1.0.0.beta1","lxc-1.0.0.beta2","lxc-1.0.0.beta3","lxc-1.0.0.beta4","lxc-1.0.0.rc1","lxc-1.0.0.rc2","lxc-1.0.0.rc3","lxc-1.0.0.rc4","lxc-2.0.0","lxc-2.0.1","lxc-2.0.2","lxc-2.0.3","lxc-2.0.4","lxc-2.0.5","lxc-2.0.6","lxc-2.0.7","lxc-2.0.8","lxc-2.0.9","lxc-3.0.0","lxc-3.0.1","lxc_0_1_0","lxc_0_2_0","lxc_0_2_1","lxc_0_4_0","lxc_0_5_0","lxc_0_5_1","lxc_0_5_2","lxc_0_6_0","lxc_0_6_1","lxc_0_6_2","lxc_0_6_3","lxc_0_6_4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6556.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"6"}]},{"events":[{"introduced":"0"},{"last_affected":"11-sp3"}]},{"events":[{"introduced":"0"},{"last_affected":"11-sp4"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}