SB2023012438 - Information disclosure in LXC
Published: January 24, 2023
Security Bulletin ID
SB2023012438
CSH Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Exposure of Resource to Wrong Sphere (CVE-ID: CVE-2022-47952)
The vulnerability allows a local user to compromise the system.
The vulnerability exists due to exposure of resource to wrong sphere in lxc-user-nic. A local user can obtain file existence information.
Remediation
Install update from vendor's website.
References
- https://github.com/MaherAzzouzi/CVE-2022-47952
- https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591/comments/45
- https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/lxc.spec.in#L274
- https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/src/lxc/cmd/lxc_user_nic.c#L1085-L1104