lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside an unprivileged container to use an inherited file descriptor that refers to the host's /proc to access the rest of the host's filesystem via the openat() family of syscalls, which resolve paths relative to a directory file descriptor rather than the container's own root.
[ { "deprecated": false, "target": { "function": "lxc_attach", "file": "src/lxc/attach.c" }, "signature_type": "Function", "digest": { "function_hash": "86539981727894849039648246696796652100", "length": 4765.0 }, "source": "https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c", "signature_version": "v1", "id": "CVE-2016-8649-48068829" }, { "deprecated": false, "target": { "function": "attach_child_main", "file": "src/lxc/attach.c" }, "signature_type": "Function", "digest": { "function_hash": "291183966849396587515960049467341175628", "length": 4636.0 }, "source": "https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c", "signature_version": "v1", "id": "CVE-2016-8649-535efa47" }, { "deprecated": false, "target": { "file": "src/lxc/attach.c" }, "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "182534638967419348501989485100612370211", "328087871680614339011072353046097453261", "221201795748112394380445681025374189695", "260739315370711100637584693082443249802", "151155786906574097486383613548445657557", "24129260862342566734185036111499086989", "199210070085103939412091930385777152243", "146380129465665399716144328027760893344", "148567472859883818088068106593420222884", "179217424169446769959121693235046219239", "262134186553808889151582344270487662481", "78528397423486474335873093044032343557", "13263848047663707583602212805902235891", "180673238382281781694473118489219258480", "140929996186448210187201387868508210991", "259781326512542569082586296473010157196", "42201010725732723143505945917433851451", "224060602730218200307472523296202783545", "188540000797028820253426722730075182810", "151462353824748895279782583445270305055", "208000932748870123868986967593283729017", "14997981488042323385240415520178637663", "62295931121034587742871011115419928430", "129553564187249329149381180742550867839", "194694732418934796690616213781110055041", "247587226344465615715670957960067987228", 
"171840331620192804421260256916694456449", "279558228675833959041478404047898676934", "70254232151386455977448108037267263919", "117963832062748887070041406393367310146", "250630138817409805621327732563538220126", "129789169023117941256876149415108834200", "98204644187630529303412928107929411208", "25415241057446248674248116480195666201", "206444756334068970647169361669767650649", "280795094593254412102265477507307998163", "81669537796804371064388812102565611738", "152664599305701197122286222496547134718", "215359974654636588553479083941380303689", "117194693401574342485772460381604127740", "206444756334068970647169361669767650649", "276437970186586279742921388482058825552", "291519389381335686405124693371791799877", "306873648993982497303724695829092276549", "196361232704673062660761448210681434816", "234948857118847056890448405623835339309", "64760237798136491732631207967787039989", "36941450991727191566326950154284643158", "169370865094947740225122710183584034265", "96430807676215890425407209390168952164", "175401536350468323204382506035847447011", "40258636815017553509233147175706547332", "234948857118847056890448405623835339309", "64760237798136491732631207967787039989", "308165041870633519841195833372083779972", "8546068742626447399219199799921933465", "149214989481471900535972375074806466972", "246509150097929994032173370725246747470", "134797215320627882286337146869882119526", "64646875120900211014450198362413338399", "251393657949913444008476546896154686428", "311892567088465641236994045244928064362", "265871425707057856379876204729479845299", "130025980675727519755865100273322141711", "84385075469768581605842504825011506252", "280914981413276535904061302790680634566", "66417573527256520066913307314544267736", "274160737647891287770770544477301130097", "4297527551589885553444182765409601223", "288687235456094819744530880850629567085", "89613822514666599890244884363510918040", "30307749573785738210727975667777357122", 
"56763153500749970670467993880323623380", "289581374206602215256057861036978456509", "285407083740305389973555148684559120372", "174059754831196890275262755310396738023", "257473639764863194800655163074782085136", "146628219049241475703162110138358270027", "282274866693984065059124497757783485513", "240007919634772002992521271255034806133", "254888056688377086199455782403515584826", "94422017579873676801874094049698613469", "303264886406865514222181053012309717320", "109717281110130629731196294217242507797", "324712596233884354702132797946183225000", "264234643769497086910169737733200331757", "24074986487623897990991783726038625251", "33604140261016652677004891763144699239", "238374391163541753201206094577912531805", "135755482635224183519094367763113182608", "71205238536723553814550155619762589025", "136005550826315470476012645411820590615", "282155980379117384185565171535459143122", "163808204064858768821003369168692043571", "75680745899215858397106293758828125742", "235360157282706949792368739967815832491", "256131428232882232061171750425072980091", "174444283685597753417308271397109305031", "280063984435067356605755055668519783243", "252114206949556119479394264634736490505", "15161083017303357217060026256616195626", "316736586641725236134023103381050315270", "164319727544882970221986711362054413740", "262582453361448712302858931342997618439", "44615074530479935058712832777291192943", "234082775529545396765225186858275461598", "178723934329820333545210965784101693011", "97286772979954326294604505102581560452", "211444691764000544247203152685115440168", "277940947308551121730547674736195255941", "320193817203739803875853328565347309714", "27522188253175704149870528082221453094", "55000344403796192990803464003232044247", "278709332845141151828303930594953254423", "182529173857073739445342189104941547670", "60159344793516415599896260780755028795", "198957223124757553095073439421733511458", "7099600215526121405821066805626297952", 
"41436877052644447205843618809101094668", "153646053680943069388151267411442914516", "81930253308596539377886050085951888833", "101872106387530822802509850483697583568", "328719818496712213788642506441720593367", "220606739525115356521928841289357650751", "162915433089896115039215475003793822216", "258115221580261665355273775932012917595", "159610645355238937771409662530387709833", "124340369296310444019517477304765590115", "73900695365268623768242891754893587033", "47309747188802705962162189732851379467", "102072150354673039493567124102241770708", "256837967297522663878994807399089247593", "207608449349171286088570706476023148916", "1906842689605258305767104700314176003", "233729589746649053597508943714541541220", "70955458099109633127839129705632571592", "61795395608277922553430713548144035393", "143217532035605211145485371184847643244", "130467561652968598413086694770094179198", "302343716712103545022266684715570923907", "198901910853596106128751780769669137430", "192625672409303038390498388859053878577", "168535553573121545120449685699464945554", "2613584486587917689367315101923658119", "1712120053092039393004787240827650648", "97780330555961006478776921550971145406", "67482483714389414234431398501248060744", "282544783533321607675440055442849733128", "141643576501915850229120651879940660029", "326156132986771457228208623876663641335", "151885910477519904765081877357675518695", "228030010009227809340245030981880915331", "220045125162212850964635372276857097388", "335207127616624185488150640530488013586", "312951395231144453716916113762196892658", "39073971419586427657261891670845041428", "127673696719879545835575798700386850666", "116934592922370227263992022791894451201", "126502645377729435537207099182605772523", "105626377195844774736641591510278784206", "69302570655526775336266740474534851487", "35692237708749064169502545659479310528" ] }, "source": "https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c", "signature_version": "v1", "id": 
"CVE-2016-8649-7f972969" }, { "deprecated": false, "target": { "function": "lsm_set_label_at", "file": "src/lxc/attach.c" }, "signature_type": "Function", "digest": { "function_hash": "132442875847108681640522407273627435606", "length": 1369.0 }, "source": "https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c", "signature_version": "v1", "id": "CVE-2016-8649-95d14dcd" } ]