suse · CVE-2018-6556

Quick triage

Priority: medium Published: 2021-05-30 14:10:47 UTC Updated: 2025-05-17 23:35:33 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2018-6556 severity moderate: SUSE including 22 source package names (liblxc-devel-3.1.0-bp150.5.3.1, liblxc-devel-3.1.0-lp150.2.10.1, …), 62 product×package rows across 34 product lines (SUSE CaaS Platform 4.0, SUSE CaaS Platform 4.5, … (34 product lines)): Known Not Affected 43, Fixed 19.

Description:

lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.

cvelogic Threat Intelligence