Search criteria
3 vulnerabilities found for incus by linuxcontainers
CVE-2025-64507 (GCVE-0-2025-64507)
Vulnerability from nvd – Published: 2025-11-10 21:56 – Updated: 2025-11-12 20:13
VLAI?
Title
Incus vulnerable to local privilege escalation through custom storage volumes
Summary
Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the `security.shifted` property set to `true` as well as access to the host as an unprivileged user. The most common case for this would be systems using `incus-user` with the less privileged `incus` group to provide unprivileged users with an isolated restricted access to Incus. Such users may be able to create a custom storage volume with the necessary property (depending on kernel and filesystem support) and can then write a setuid binary from within the container which can be executed as an unprivileged user on the host to gain root privileges. A patch for this issue is expected in versions 6.0.6 and 6.19.0. As a workaround, permissions can be manually restricted until a patched version of Incus is deployed.
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64507",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T17:35:12.213063Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T20:13:48.233Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/lxc/incus/issues/2641"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "incus",
"vendor": "lxc",
"versions": [
{
"status": "affected",
"version": "\u003c 6.0.6"
},
{
"status": "affected",
"version": "\u003e= 6.1.0, \u003c 6.19.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the `security.shifted` property set to `true` as well as access to the host as an unprivileged user. The most common case for this would be systems using `incus-user` with the less privileged `incus` group to provide unprivileged users with an isolated restricted access to Incus. Such users may be able to create a custom storage volume with the necessary property (depending on kernel and filesystem support) and can then write a setuid binary from within the container which can be executed as an unprivileged user on the host to gain root privileges. A patch for this issue is expected in versions 6.0.6 and 6.19.0. As a workaround, permissions can be manually restricted until a patched version of Incus is deployed."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T21:56:26.578Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/lxc/incus/security/advisories/GHSA-56mx-8g9f-5crf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/lxc/incus/security/advisories/GHSA-56mx-8g9f-5crf"
},
{
"name": "https://github.com/lxc/incus/issues/2641",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lxc/incus/issues/2641"
},
{
"name": "https://github.com/lxc/incus/pull/2642",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lxc/incus/pull/2642"
}
],
"source": {
"advisory": "GHSA-56mx-8g9f-5crf",
"discovery": "UNKNOWN"
},
"title": "Incus vulnerable to local privilege escalation through custom storage volumes"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-64507",
"datePublished": "2025-11-10T21:56:26.578Z",
"dateReserved": "2025-11-05T21:15:39.399Z",
"dateUpdated": "2025-11-12T20:13:48.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
FKIE_CVE-2025-64507
Vulnerability from fkie_nvd - Published: 2025-11-10 22:15 - Updated: 2025-12-29 16:29
Severity ?
Summary
Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the `security.shifted` property set to `true` as well as access to the host as an unprivileged user. The most common case for this would be systems using `incus-user` with the less privileged `incus` group to provide unprivileged users with an isolated restricted access to Incus. Such users may be able to create a custom storage volume with the necessary property (depending on kernel and filesystem support) and can then write a setuid binary from within the container which can be executed as an unprivileged user on the host to gain root privileges. A patch for this issue is expected in versions 6.0.6 and 6.19.0. As a workaround, permissions can be manually restricted until a patched version of Incus is deployed.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/lxc/incus/issues/2641 | Exploit, Issue Tracking, Patch | |
| security-advisories@github.com | https://github.com/lxc/incus/pull/2642 | Exploit, Issue Tracking, Patch | |
| security-advisories@github.com | https://github.com/lxc/incus/security/advisories/GHSA-56mx-8g9f-5crf | Exploit, Vendor Advisory, Patch | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/lxc/incus/issues/2641 | Exploit, Issue Tracking, Patch |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxcontainers | incus | * | |
| linuxcontainers | incus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxcontainers:incus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22A65942-B80B-4A93-ADF9-AF639CE3C1BE",
"versionEndExcluding": "6.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxcontainers:incus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6264E25B-FC10-461A-81EC-73D30BE1858E",
"versionEndExcluding": "6.19.0",
"versionStartIncluding": "6.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the `security.shifted` property set to `true` as well as access to the host as an unprivileged user. The most common case for this would be systems using `incus-user` with the less privileged `incus` group to provide unprivileged users with an isolated restricted access to Incus. Such users may be able to create a custom storage volume with the necessary property (depending on kernel and filesystem support) and can then write a setuid binary from within the container which can be executed as an unprivileged user on the host to gain root privileges. A patch for this issue is expected in versions 6.0.6 and 6.19.0. As a workaround, permissions can be manually restricted until a patched version of Incus is deployed."
},
{
"lang": "es",
"value": "Incus es un gestor de contenedores de sistema y m\u00e1quinas virtuales. Un problema en versiones anteriores a la 6.0.6 y 6.19.0 afecta a cualquier usuario de Incus en un entorno donde un usuario sin privilegios puede tener acceso root a un contenedor con un volumen de almacenamiento personalizado adjunto que tiene la propiedad \u0027security.shifted\u0027 establecida en \u0027true\u0027, as\u00ed como acceso al host como usuario sin privilegios. El caso m\u00e1s com\u00fan para esto ser\u00edan los sistemas que utilizan \u0027incus-user\u0027 con el grupo \u0027incus\u0027 menos privilegiado para proporcionar a los usuarios sin privilegios un acceso restringido y aislado a Incus. Dichos usuarios pueden ser capaces de crear un volumen de almacenamiento personalizado con la propiedad necesaria (dependiendo del soporte del kernel y del sistema de archivos) y luego pueden escribir un binario setuid desde dentro del contenedor que puede ser ejecutado como un usuario sin privilegios en el host para obtener privilegios de root. Se espera un parche para este problema en las versiones 6.0.6 y 6.19.0. Como soluci\u00f3n alternativa, los permisos pueden ser restringidos manualmente hasta que se implemente una versi\u00f3n parcheada de Incus."
}
],
"id": "CVE-2025-64507",
"lastModified": "2025-12-29T16:29:38.553",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-11-10T22:15:39.460",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
],
"url": "https://github.com/lxc/incus/issues/2641"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
],
"url": "https://github.com/lxc/incus/pull/2642"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory",
"Patch"
],
"url": "https://github.com/lxc/incus/security/advisories/GHSA-56mx-8g9f-5crf"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
],
"url": "https://github.com/lxc/incus/issues/2641"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-64507 (GCVE-0-2025-64507)
Vulnerability from cvelistv5 – Published: 2025-11-10 21:56 – Updated: 2025-11-12 20:13
VLAI?
Title
Incus vulnerable to local privilege escalation through custom storage volumes
Summary
Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the `security.shifted` property set to `true` as well as access to the host as an unprivileged user. The most common case for this would be systems using `incus-user` with the less privileged `incus` group to provide unprivileged users with an isolated restricted access to Incus. Such users may be able to create a custom storage volume with the necessary property (depending on kernel and filesystem support) and can then write a setuid binary from within the container which can be executed as an unprivileged user on the host to gain root privileges. A patch for this issue is expected in versions 6.0.6 and 6.19.0. As a workaround, permissions can be manually restricted until a patched version of Incus is deployed.
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64507",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T17:35:12.213063Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T20:13:48.233Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/lxc/incus/issues/2641"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "incus",
"vendor": "lxc",
"versions": [
{
"status": "affected",
"version": "\u003c 6.0.6"
},
{
"status": "affected",
"version": "\u003e= 6.1.0, \u003c 6.19.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the `security.shifted` property set to `true` as well as access to the host as an unprivileged user. The most common case for this would be systems using `incus-user` with the less privileged `incus` group to provide unprivileged users with an isolated restricted access to Incus. Such users may be able to create a custom storage volume with the necessary property (depending on kernel and filesystem support) and can then write a setuid binary from within the container which can be executed as an unprivileged user on the host to gain root privileges. A patch for this issue is expected in versions 6.0.6 and 6.19.0. As a workaround, permissions can be manually restricted until a patched version of Incus is deployed."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T21:56:26.578Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/lxc/incus/security/advisories/GHSA-56mx-8g9f-5crf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/lxc/incus/security/advisories/GHSA-56mx-8g9f-5crf"
},
{
"name": "https://github.com/lxc/incus/issues/2641",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lxc/incus/issues/2641"
},
{
"name": "https://github.com/lxc/incus/pull/2642",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lxc/incus/pull/2642"
}
],
"source": {
"advisory": "GHSA-56mx-8g9f-5crf",
"discovery": "UNKNOWN"
},
"title": "Incus vulnerable to local privilege escalation through custom storage volumes"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-64507",
"datePublished": "2025-11-10T21:56:26.578Z",
"dateReserved": "2025-11-05T21:15:39.399Z",
"dateUpdated": "2025-11-12T20:13:48.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}