CVE-2023-5536

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Dec 12, 2023

Updated: Dec 18, 2023

CWE ID 276

Summary

CVE-2023-5536 is a vulnerability affecting LXD, a container management system, in its default configuration used by Ubuntu Server. Privileged users within the lxd group can exploit this feature to escalate their privileges to root level without needing to enter a sudo password. This issue poses a significant risk as it bypasses the usual password protection mechanism for privilege escalation. Users are advised to apply the available patch or update to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Ubuntu Linux
Ubuntu

Affected Vendors

Canonical System

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/s-TiVW
https://www.cve.org/CVERecord?id=CVE-2023-5536
https://nvd.nist.gov/vuln/detail/CVE-2023-5536

Back to Vulnerability Database