PT-2026-31595 · Canonical · LXD

Miha Purg · Published 2026-04-09 · Updated 2026-05-13 · CVE-2026-34177

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Canonical LXD versions 4.12 through 6.7

Description: Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in the isVMLowLevelOptionForbidden function (lxd/project/limits/permissions.go). The denylist omits the raw.apparmor and raw.qemu.conf keys from those blocked under the restricted.virtual-machines.lowlevel=block project restriction. A remote attacker with the can edit permission on a VM instance in a restricted project can therefore inject an AppArmor rule and a QEMU chardev configuration, bridging the LXD Unix socket into the guest VM; this can lead to privilege escalation to LXD cluster administrator and subsequently to host root.

Recommendations: Update to a version later than 6.7. As a temporary workaround, restrict can edit permissions on VM instances within restricted projects.
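The denylist shape the advisory describes, as an added illustration constructed for this page (not LXD's own code): an instance edit is checked against the project's restricted.virtual-machines.lowlevel setting, first with a list lacking the two keys the advisory names, then with them present. The Project type, the checkRestrictions helper, and every denylist entry other than raw.apparmor and raw.qemu.conf are assumptions.

```go
package main

import (
	"fmt"
	"sort"
)

// Project is a constructed stand-in for a project's config map.
type Project struct {
	Config map[string]string
}
// Both lists are constructed, not LXD's real denylist. incompleteDenylist models
// the pre-fix state the advisory describes: the two keys it names are absent.
var incompleteDenylist = []string{"raw.qemu", "raw.idmap"}
// completeDenylist adds the two keys the advisory says were omitted.
var completeDenylist = []string{"raw.qemu", "raw.idmap", "raw.apparmor", "raw.qemu.conf"}

// isVMLowLevelOptionForbidden reports whether key is blocked under
// restricted.virtual-machines.lowlevel=block (constructed exact-match body).
func isVMLowLevelOptionForbidden(denylist []string, key string) bool {
	for _, d := range denylist {
		if key == d {
			return true
		}
	}
	return false
}

// checkRestrictions returns the sorted forbidden keys in a proposed instance
// config change, or nil when the project does not block low-level VM options.
func checkRestrictions(denylist []string, p Project, change map[string]string) []string {
	if p.Config["restricted.virtual-machines.lowlevel"] != "block" {
		return nil
	}
	var forbidden []string
	for key := range change {
		if isVMLowLevelOptionForbidden(denylist, key) {
			forbidden = append(forbidden, key)
		}
	}
	sort.Strings(forbidden)
	return forbidden
}

func main() {
	p := Project{Config: map[string]string{"restricted.virtual-machines.lowlevel": "block"}}
	change := map[string]string{"raw.apparmor": "<rule>", "raw.qemu.conf": "<chardev>", "limits.cpu": "2"} // constructed edit
	fmt.Println("incomplete denylist rejects:", checkRestrictions(incompleteDenylist, p, change)) // []
	fmt.Println("complete denylist rejects:", checkRestrictions(completeDenylist, p, change))     // [raw.apparmor raw.qemu.conf]
}
```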

Weakness Enumeration: Incomplete List of Disallowed Inputs

Related Identifiers

BDU:2026-07537
CVE-2026-34177
GHSA-FM2X-C5QW-4H6F

Affected Products

LXD
RED OS