{"id":"UBUNTU-CVE-2024-6156","details":"Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.","modified":"2026-04-08T13:45:38.086500Z","published":"2024-12-06T00:15:00Z","upstream":["CVE-2024-6156"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-6156"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2024-6156"}],"affected":[{"package":{"name":"lxd","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/lxd@2.0.11-0ubuntu1~16.04.4+esm2?arch=source&distro=esm-infra/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.20-0ubuntu4","0.21-0ubuntu3","0.21-0ubuntu5","0.22-0ubuntu1","0.22-0ubuntu2","0.23-0ubuntu1","0.23-0ubuntu2","0.23-0ubuntu3","0.24-0ubuntu2","0.24-0ubuntu3","0.24-0ubuntu4","0.25-0ubuntu1","0.26-0ubuntu2","0.26-0ubuntu3","0.27-0ubuntu1","0.27-0ubuntu2","2.0.0~beta1-0ubuntu3","2.0.0~beta1-0ubuntu4","2.0.0~beta2-0ubuntu1","2.0.0~beta2-0ubuntu2","2.0.0~beta3-0ubuntu1","2.0.0~beta3-0ubuntu2","2.0.0~beta3-0ubuntu3","2.0.0~beta3-0ubuntu4","2.0.0~beta4-0ubuntu1","2.0.0~beta4-0ubuntu2","2.0.0~beta4-0ubuntu3","2.0.0~beta4-0ubuntu4","2.0.0~beta4-0ubuntu5","2.0.0~beta4-0ubuntu6","2.0.0~beta4-0ubuntu7","2.0.0~rc1-0ubuntu1","2.0.0~rc1-0ubuntu2","2.0.0~rc1-0ubuntu3","2.0.0~rc2-0ubuntu2","2.0.0~rc2-0ubuntu3","2.0.0~rc3-0ubuntu1","2.0.0~rc3-0ubuntu2","2.0.0~rc3-0ubuntu3","2.0.0~rc3-0ubuntu4","2.0.0~rc4-0ubuntu1","2.0.0~rc5-0ubuntu1","2.0.0~rc6-0ubuntu1","2.0.0~rc6-0ubuntu2","2.0.0~rc7-0ubuntu1","2.0.0~rc7-0ubuntu2","2.0.0~rc8-0ubuntu1","2.0.0~rc8-0ubuntu2","2.0.0~rc8-0ubuntu3","2.0.0~rc8-0ubuntu5","2.0.0~rc8-0ubuntu6","2.0.0~rc8-0ubuntu7","2.0.0~rc9-0ubuntu2","2.0.0~rc9-0ubuntu3","2.0.0~rc9-0ubuntu4","2.0.0~rc9-0ubuntu5","2.0.0-0ubuntu1","2.0.0-0ubuntu2","2.0.0-0ubuntu3","2.0.0-0ubuntu4","2.0.1-0ubuntu1~16.04.1","2.0.2-0ubuntu1~16.04.1","2.0.3-0ubuntu1~ubuntu16.04.2","2.0.4-0ubuntu1~ubuntu16.04.1","2.0.5-0ubuntu1~ubuntu16.04.1","2.0.8-0ubuntu1~ubuntu16.04.1","2.0.8-0ubuntu1~ubuntu16.04.2","2.0.9-0ubuntu1~16.04.1","2.0.9-0ubuntu1~16.04.2","2.0.10-0ubuntu1~16.04.1","2.0.10-0ubuntu1~16.04.2","2.0.11-0ubuntu1~16.04.2","2.0.11-0ubuntu1~16.04.4","2.0.11-0ubuntu1~16.04.4+esm1","2.0.11-0ubuntu1~16.04.4+esm2"],"ecosystem_specific":{"binaries":[{"binary_version":"2.0.11-0ubuntu1~16.04.4+esm2","binary_name":"golang-github-lxc-lxd-dev"},{"binary_version":"2.0.11-0ubuntu1~16.04.4+esm2","binary_name":"lxc2"},{"binary_version":"2.0.11-0ubuntu1~16.04.4+esm2","binary_name":"lxd"},{"binary_version":"2.0.11-0ubuntu1~16.04.4+esm2","binary_name":"lxd-client"},{"binary_version":"2.0.11-0ubuntu1~16.04.4+esm2","binary_name":"lxd-tools"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-6156.json"}},{"package":{"name":"lxd","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/lxd@3.0.3-0ubuntu1~18.04.2+esm2?arch=source&distro=esm-infra/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.18-0ubuntu6","2.19-0ubuntu1","2.20-0ubuntu3","2.20-0ubuntu4","2.21-0ubuntu1","2.21-0ubuntu2","2.21-0ubuntu3","2.21-0ubuntu4","3.0.0~beta2-0ubuntu3","3.0.0~beta3-0ubuntu3","3.0.0~beta5-0ubuntu2","3.0.0~beta7-0ubuntu1","3.0.0-0ubuntu1","3.0.0-0ubuntu2","3.0.0-0ubuntu3","3.0.0-0ubuntu4","3.0.1-0ubuntu1~18.04.1","3.0.2-0ubuntu1~18.04.1","3.0.3-0ubuntu1~18.04.1","3.0.3-0ubuntu1~18.04.2","3.0.3-0ubuntu1~18.04.2+esm1","3.0.3-0ubuntu1~18.04.2+esm2"],"ecosystem_specific":{"binaries":[{"binary_version":"3.0.3-0ubuntu1~18.04.2+esm2","binary_name":"lxd"},{"binary_version":"3.0.3-0ubuntu1~18.04.2+esm2","binary_name":"lxd-client"},{"binary_version":"3.0.3-0ubuntu1~18.04.2+esm2","binary_name":"lxd-tools"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-6156.json"}},{"package":{"name":"lxd","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/lxd@1:0.10?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:0.7","1:0.8","1:0.9","1:0.10"],"ecosystem_specific":{"binaries":[{"binary_version":"1:0.10","binary_name":"lxd"},{"binary_version":"1:0.10","binary_name":"lxd-client"},{"binary_version":"1:0.10","binary_name":"lxd-tools"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-6156.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]}