ALPINE-CVE-2018-6556

ALPINE-CVE-2018-6556 PUBLISHED CVSS 3.299999952316284 LOW

lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.

Risk Scores

CVSS v3.0

3.299999952316284

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products

Vendor	Product	Versions
Alpine:v3.18	lxc	1.0.0-r3, 1.0.6-r1, 0.8.0-r2
Alpine:v3.23	lxc	2.1.1-r8, 2.1.1-r7, 2.1.1-r6
Alpine:v3.17	lxc	2.0.3-r1, 0.9.0-r0, 0
Alpine:v3.20	lxc	1.0.0-r1, 0.7.4-r0, *
Alpine:v3.10	lxc	1.0.1-r0, 0.8.0-r7, *
Alpine:v3.21	lxc	2.0.7-r5, 2.1.1-r5, 2.0.3-r3
Alpine:v3.7	lxc	2.0.8-r1, 0.7.4-r0, 0.7.4-r1
Alpine:v3.19	lxc	1.0.6-r1, 0, 0.7.4-r1
Alpine:v3.13	lxc	2.1.0-r1, 2.1.1-r0, 2.1.1-r1
Alpine:v3.8	lxc	2.1.1-r7, 0.8.0-r2, 0.8.0-r1
Alpine:v3.11	lxc	2.0.7-r3, 0.8.0-r3, 0.8.0-r2
Alpine:v3.6	lxc	0.8.0-r0, 0.7.4_rc1-r0, 0.7.4-r3
Alpine:v3.15	lxc	1.1.2-r2, 0, 0.7.4-r0
Alpine:v3.14	lxc	2.1.1-r8, 2.1.1-r7, 2.1.1-r6
Alpine:v3.12	lxc	0, 0.7.4-r0, 0.7.4-r1
Alpine:v3.22	lxc	2.1.1-r8, 2.1.1-r7, 2.1.1-r6
Alpine:v3.9	lxc	0, 2.1.1-r8, 2.1.1-r7
Alpine:v3.16	lxc	0.7.4-r1, 0, 0.7.4-r0

Timeline

Aug 10, 2018 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2018-6556 advisory

Open in Interactive Console →