The do_write_pids function in lxcfs.c in LXCFS before 0.12 does not properly check permissions, which allows local users to gain privileges by writing a pid to the tasks file.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-12-07
Updated
2015-12-08
LXCFS before 0.12 does not properly enforce directory escapes, which might allow local users to gain privileges by (1) querying or (2) updating a cgroup.
Max CVSS
4.6
EPSS Score
0.04%
Published
2015-12-07
Updated
2015-12-08
2 vulnerabilities found