Canonical LXD
cpe:2.3:a:canonical:lxd:*:*:*:*:*:*:*
- >= 4.12, <= 6.7
A vulnerability in Canonical LXD versions 4.12 through 6.7 allows privilege escalation from a restricted project user to host root. The issue arises from an incomplete denylist in the 'isVMLowLevelOptionForbidden' function, which fails to block the 'raw.apparmor' and 'raw.qemu.conf' keys under the 'restricted.virtual-machines.lowlevel=block' project restriction. A remote attacker with 'can_edit' permission on a VM instance can exploit this omission by injecting AppArmor rules and QEMU configuration that bridge the LXD Unix socket into the guest VM. This grants the attacker full administrative access to the LXD cluster, which can be leveraged to gain root access on the host.
Exploitation of this vulnerability leads to unauthorized privilege escalation from a restricted VM user to host root, bypassing the intended isolation and security controls of LXD's project management.
The vulnerability can be reproduced by creating a restricted project in LXD and assigning a user the 'can_edit' permission on a VM instance within that project. The user can then inject AppArmor rules and QEMU configurations that exploit the missing denylist entries, bridging the LXD Unix socket into the VM and escalating privileges to LXD cluster administrator. This access can be further escalated to host root by creating a privileged container that mounts the host's root filesystem.
Users can upgrade to LXD versions 5.0.7, 5.21.5, 6.8, or 4.0.10 to address this vulnerability.
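The shape of the defect, as an added illustration that is not LXD's own code: a per-key denylist check for the 'restricted.virtual-machines.lowlevel=block' restriction, shown with the two keys the advisory names missing and then present. The other denylist entries, the config sample, and the optional 'raw.*' prefix rule are assumptions of this example, not LXD's real list or behaviour.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Constructed stand-in for the pre-fix denylist: entries other than the two
// keys the advisory names are assumed for illustration, not LXD's real list.
var incompleteDenylist = map[string]bool{
	"raw.idmap": true,
	"raw.qemu":  true,
}

// Same list with the two keys the advisory reports as missing.
var fixedDenylist = map[string]bool{
	"raw.idmap":     true,
	"raw.qemu":      true,
	"raw.apparmor":  true,
	"raw.qemu.conf": true,
}

// isVMLowLevelOptionForbidden mirrors the shape of the check the advisory
// describes: a plain membership test, so any forgotten key is silently allowed.
func isVMLowLevelOptionForbidden(denylist map[string]bool, key string) bool {
	return denylist[key]
}

// ForbiddenLowLevelKeys returns, sorted, every key of a proposed VM config that
// a lowlevel=block project should reject. blockAllRaw also rejects any raw.*
// key by prefix, the more robust rule this example suggests for auditing.
func ForbiddenLowLevelKeys(denylist map[string]bool, config map[string]string, blockAllRaw bool) []string {
	var out []string
	for key := range config {
		if isVMLowLevelOptionForbidden(denylist, key) || (blockAllRaw && strings.HasPrefix(key, "raw.")) {
			out = append(out, key)
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	// Constructed config edit; values are placeholders, not real rules.
	edit := map[string]string{"limits.cpu": "2", "raw.apparmor": "<placeholder>", "raw.qemu.conf": "<placeholder>"}
	fmt.Println("pre-fix rejects:", ForbiddenLowLevelKeys(incompleteDenylist, edit, false))
	fmt.Println("fixed rejects:  ", ForbiddenLowLevelKeys(fixedDenylist, edit, false))
}
```

Running it prints an empty list for the pre-fix denylist and both keys for the fixed one; the prefix rule is what an operator auditing instance configs on an unpatched host would lean on.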