PT-2026-36995 · Lxc · Lxc

Snoopysecurity · Published 2026-05-04 · Updated 2026-05-12 · CVE-2026-39402

CVSS v3.1: 6.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

lxc versions prior to 7.0.0

Description

A logic flaw in the find_line() function of the lxc-user-nic setuid helper allows an unprivileged user to delete OVS-attached network interfaces belonging to other users. When scanning the NIC database to authorize a deletion request, the interface name comparison may set the authorization flag based solely on a name match, ignoring the ownership, type, and link fields. This occurs because the check is reachable after the goto next label handling, and subsequent processing does not re-verify that the matched entry belongs to the caller. In multi-tenant environments using OpenVSwitch bridges, an attacker with a valid lxc-usernet policy entry can trigger the deletion of another user's OVS port on the same bridge, resulting in a denial of service by repeatedly disconnecting networking from other tenants' containers.

Recommendations

Update to version 7.0.0.
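
The authorization decision described above, as an added example that is not lxc's own code: a simplified C model of a NIC database scan, with the name-only decision beside a match on the full record. The record layout, SAMPLE_DB, struct request and may_delete() are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample database, one record per line: "owner type link ifname".
 * The field layout is an assumption made for this example. */
static const char SAMPLE_DB[] =
    "alice veth ovsbr0 vethA1\n"
    "bob veth ovsbr0 vethB1\n";

struct request { const char *user, *type, *link, *ifname; };

/* Decide whether `req` may delete req->ifname.
 * strict == false models the flaw: a name match alone sets the flag.
 * strict == true: owner, type, link and name must all match one record. */
static bool may_delete(const char *db, const struct request *req, bool strict)
{
    char owner[33], type[33], link[33], ifname[33], buf[160];

    for (const char *line = db; *line; ) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len < sizeof(buf)) {          /* over-long records never authorize */
            memcpy(buf, line, len);
            buf[len] = '\0';
            /* Records with fewer than four fields never authorize either. */
            if (sscanf(buf, "%32s %32s %32s %32s", owner, type, link, ifname) == 4 &&
                strcmp(ifname, req->ifname) == 0) {
                if (!strict)
                    return true;          /* flawed: ownership never consulted */
                if (strcmp(owner, req->user) == 0 &&
                    strcmp(type, req->type) == 0 &&
                    strcmp(link, req->link) == 0)
                    return true;
            }
        }
        line += len + (eol ? 1 : 0);
    }
    return false;
}

int main(void)
{
    /* Constructed request: bob names alice's interface on the shared bridge. */
    struct request r = { "bob", "veth", "ovsbr0", "vethA1" };
    printf("name-only check: %d\n", may_delete(SAMPLE_DB, &r, false));
    printf("full-match check: %d\n", may_delete(SAMPLE_DB, &r, true));
    return 0;
}
```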

Exploit · Fix · DoS · Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-39402
OPENSUSE-SU-2026:10678-1

Affected Products

Lxc