CVE-2018-6556

Name: CVE-2018-6556
Creator: NVD / NIST
Published: 2018-08-10T15:29:01.297+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.35%

Last modified Jun 17, 2026

CVE-2018-6556 is a vulnerability of currently unknown severity. lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. EPSS estimates a 0.35% chance of exploitation in the next 30 days.

Description

lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.

Metrics

EPSS Probability

0.35%

26.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-417

Affected Software

Vendor	Product	Versions	Update
Canonical	Ubuntu Linux	18.04	—
Linuxcontainers	Lxc	>= 2.0.0, <= 2.0.9	—
Linuxcontainers	Lxc	>= 3.0.0, < 3.0.2	—
Suse	Caas Platform	1.0	—
Suse	Caas Platform	2.0	—
Suse	Openstack Cloud	6	—
Suse	Suse Linux Enterprise Server	11	Sp3
Opensuse	Leap	15.0	—

References

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591Issue Tracking, Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=988348Issue Tracking, Patch
https://security.gentoo.org/glsa/201808-02Third Party Advisory
https://usn.ubuntu.com/usn/usn-3730-1Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591Issue Tracking, Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=988348Issue Tracking, Patch
https://security.gentoo.org/glsa/201808-02Third Party Advisory
https://usn.ubuntu.com/usn/usn-3730-1Third Party Advisory

Timeline

Published: Aug 10, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-6556?

How severe is CVE-2018-6556?

Severity scoring for CVE-2018-6556 is pending analysis. The EPSS model estimates a 0.35% probability of exploitation in the next 30 days.

How do I fix CVE-2018-6556?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-6556?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST