SB2024120236 - Improper Certificate Validation in lxd
Published: December 2, 2024 Updated: April 9, 2026

Security Bulletin ID: SB2024120236
Severity: Low
Patch available: Yes
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Information disclosure

Breakdown by Severity

Low: 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Improper Certificate Validation (CVE-ID: CVE-2024-6156)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists because the TLS client certificate authentication logic does not validate certificates correctly when LXD runs in PKI mode. In PKI mode a client certificate is supposed to be rejected unless it was signed by the configured CA; instead, a certificate that is already present in the trust store is accepted on the strength of that trust-store entry alone, and the CA signature is never checked. A local user who holds such a non-CA-signed certificate can present it during the TLS handshake and authenticate to the daemon, gaining access to sensitive information.

Only deployments running in PKI mode are affected, and exploitation requires that the certificate was added to the trust store before PKI mode was enabled.
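The following Go program is an added example, written for this bulletin and not taken from LXD, that models the failure mode above. It builds a constructed CA, a client certificate signed by that CA, and a self-signed client certificate that was placed in a (hypothetical) trust store before PKI mode was switched on. `AuthenticateWeak` honours the trust-store hit before the CA chain is checked, so the stale self-signed certificate still authenticates; `AuthenticateFixed` makes the chain check mandatory in PKI mode. The `TrustStore` type, the function names and the policy that a CA-signed certificate must also be in the trust store are assumptions of this example, not LXD behaviour described on this page.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// TrustStore maps the SHA-256 fingerprint of a client certificate to a name.
// Hypothetical stand-in for the daemon's trust store, not LXD's own type.
type TrustStore map[string]string

func Fingerprint(c *x509.Certificate) string {
	sum := sha256.Sum256(c.Raw)
	return hex.EncodeToString(sum[:])
}

// MakeCert issues a certificate for cn; self-signed when parent is nil,
// otherwise signed by parent with parentKey.
func MakeCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	signer, signerKey := tmpl, key
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// SignedByCA reports whether cert chains to ca: the check PKI mode must enforce.
func SignedByCA(cert, ca *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil
}

// AuthenticateWeak models the flaw: a trust-store hit short-circuits the CA check,
// so a non-CA-signed certificate added before PKI mode keeps working afterwards.
func AuthenticateWeak(cert, ca *x509.Certificate, pkiMode bool, ts TrustStore) bool {
	if _, trusted := ts[Fingerprint(cert)]; trusted {
		return true
	}
	return pkiMode && SignedByCA(cert, ca)
}

// AuthenticateFixed makes the CA chain mandatory whenever PKI mode is on. Requiring
// a trust-store entry as well is this example's policy choice, not a claim about LXD.
func AuthenticateFixed(cert, ca *x509.Certificate, pkiMode bool, ts TrustStore) bool {
	_, trusted := ts[Fingerprint(cert)]
	if !pkiMode {
		return trusted
	}
	return trusted && SignedByCA(cert, ca)
}

// Scenario holds the constructed certificates for the walk-through.
type Scenario struct {
	CA, CASigned, StaleSelfSigned *x509.Certificate
	Trust                          TrustStore
}

func BuildScenario() Scenario {
	ca, caKey := MakeCert("example-ca", true, nil, nil)
	signed, _ := MakeCert("alice", false, ca, caKey)
	stale, _ := MakeCert("legacy-client", false, nil, nil) // added before PKI mode was enabled
	ts := TrustStore{Fingerprint(stale): "legacy-client", Fingerprint(signed): "alice"}
	return Scenario{CA: ca, CASigned: signed, StaleSelfSigned: stale, Trust: ts}
}

func main() {
	s := BuildScenario()
	fmt.Println("stale self-signed cert, PKI mode on: weak =",
		AuthenticateWeak(s.StaleSelfSigned, s.CA, true, s.Trust),
		"fixed =", AuthenticateFixed(s.StaleSelfSigned, s.CA, true, s.Trust))
}
```

Running it prints `weak = true fixed = false` for the stale certificate: the ordering of the two checks is the whole bug, since a trust-store lookup tells you the certificate was once enrolled but says nothing about who signed it.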


Remediation

Install the update from the vendor's website. Until the update is applied, administrators of deployments in PKI mode should review the trust store (for example with `lxc config trust list`) and remove any entry that was added before PKI mode was enabled and is not signed by the configured CA, since such an entry is exactly what this vulnerability requires.