PT-2018-3455 · Linux Containers · Lxc

Matthias Gerstner · Published 2017-09-07 · Updated 2025-04-10 · CVE-2018-6556

CVSS v3.1: 3.3 (Low)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: LXC versions 2.0.9 and above; LXC versions 3.0.0 and above, prior to 3.0.2
Description: The issue is in lxc-user-nic: when deleting a network interface, it unconditionally opens a user-provided path. An unprivileged user can use this to check for the existence of a path they wouldn't otherwise be able to reach. It may also trigger side effects by causing a read-only open of special kernel files, such as ptmx, proc, and sys.
Recommendations: For LXC versions 2.0.9 and above, update to a version prior to the affected range or apply a patch if available. For LXC versions 3.0.0 and above, prior to 3.0.2, update to version 3.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the lxc-user-nic functionality to minimize the risk of exploitation.

Related Identifiers

ALT-PU-2017-2154
ALT-PU-2018-2293
BDU:2020-01714
CVE-2018-6556
OPENSUSE-SU-2018_2316-1
OPENSUSE-SU-2019:1227-1
OPENSUSE-SU-2019:1230-1
OPENSUSE-SU-2019:1275-1
OPENSUSE-SU-2019_1275-1
OPENSUSE-SU-2019_1481-1
OPENSUSE-SU-2024:11030-1
USN-3730-1

Affected Products

Alt Linux
Lxc
Suse
Ubuntu