CVE-2015-1340 HIGH

CVE-2015-1340: chmod race in doUidshiftIntoContainer

Vendor Ubuntu
Product LXD
Published April 22, 2019
Last update September 17, 2024

CVSS base score

7.0/10
Attack vector Physical
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice.

Key dates

02Disclosure timeline

April 22, 2019 CVE published
September 17, 2024 Record updated