Vulnerability Report: GO-2021-0071

CVE-2015-1340, GHSA-8mpq-fmr3-6jxv
Affects: github.com/lxc/lxd
Published: Apr 14, 2021
Modified: Jun 03, 2024

A race between chown and chmod operations during a container filesystem shift may allow a user who can modify the filesystem to chmod an arbitrary path of their choice, rather than the expected path.

Affected Packages

Path

Go Versions

Symbols
github.com/lxc/lxd/shared

before v0.0.0-20151004155856-19c6961cc101
1 unexported affected symbols
- IdmapSet.doUidshiftIntoContainer

Aliases

CVE-2015-1340
GHSA-8mpq-fmr3-6jxv

References

https://github.com/lxc/lxd/commit/19c6961cc1012c8a529f20807328a9357f5034f4
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1502270
https://vuln.go.dev/ID/GO-2021-0071.json

Credits

Seth Arnold

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL