Name of the Vulnerable Software and Affected Versions LXD (affected versions not specified)

Description A security issue allows users with restricted access to a project to gain root access on the system by creating a disk device with shift=true and creating a setuid root executable. This is possible because the shift property is not restricted unless restricted.devices.disk.paths is set. The issue can be exploited by creating a disk device with specific settings, as demonstrated in the proof of concept.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.