USN-6738-1
Advisory lineage Upstream: 2 Downstream: 0
Upstream
Published: 22 Apr 2024, 09:47
Last modified:20 May 2026, 16:03
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
22 Apr 2024, 09:47
Published
Vulnerability first disclosed
20 May 2026, 16:03
Last Modified
Vulnerability information updated
Description
lxd vulnerability Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that LXD incorrectly handled the handshake phase and the use of sequence numbers in SSH Binary Packet Protocol (BPP). If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass integrity checks.
Affected Systems
- ubuntu•lxd
< 2.0.11-0ubuntu1~16.04.4+esm1 | < 3.0.3-0ubuntu1~18.04.2+esm1