CVE-2026-34177
Published: 09 April 2026
Description
Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden (lxd/project/limits/permissions.go), which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under the restricted.virtual-machines.lowlevel=block project restriction. A remote attacker with can_edit permission on a VM instance in a restricted project can inject an AppArmor rule and a QEMU chardev configuration that bridges the LXD Unix socket into the guest VM, enabling privilege escalation to LXD cluster administrator and subsequently to host root.
Mitigating Controls (NIST 800-53 r5)
- Mandates validation of information inputs, directly mitigating the incomplete denylist in isVMLowLevelOptionForbidden that fails to block the raw.apparmor and raw.qemu.conf keys.
- Enforces approved authorizations for access to system resources, addressing the failure to block low-level VM configuration under restricted project permissions.
- Establishes restrictive configuration settings for virtualization systems, helping prevent exploitation through incomplete enforcement of the lowlevel=block restriction.
Security Summary
Canonical LXD versions 4.12 through 6.7 are affected by CVE-2026-34177, an incomplete denylist vulnerability in the isVMLowLevelOptionForbidden function located in lxd/project/limits/permissions.go. This flaw fails to block the raw.apparmor and raw.qemu.conf keys under the restricted.virtual-machines.lowlevel=block project restriction, allowing unauthorized low-level configurations in virtual machines.
A remote attacker with can_edit permission on a VM instance within a restricted project can exploit this by injecting a custom AppArmor rule and QEMU chardev configuration. This bridges the LXD Unix socket into the guest VM, enabling privilege escalation to LXD cluster administrator and subsequently to host root privileges. The vulnerability has a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) and is associated with CWE-184 (Incomplete List of Disallowed Inputs).
Mitigation details are provided in the GitHub security advisory GHSA-fm2x-c5qw-4h6f and the associated pull request at github.com/canonical/lxd/pull/17909, which patches the denylist to include the missing raw.apparmor and raw.qemu.conf keys. Security practitioners should review these resources for upgrade instructions and apply the fix promptly to affected LXD deployments.
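The root cause is a CWE-184 pattern: a fixed list of forbidden keys that does not name every key in the low-level family. The Go program below is an added illustration and is not LXD's code; it models an enumerated denylist that (like the vulnerable one) lacks raw.apparmor and raw.qemu.conf, and contrasts it with a prefix rule that treats the whole raw.* namespace as low-level, which generalizes beyond the two keys in the advisory. The contents of the enumerated list other than those two omissions, the config-map shapes, and the function names are assumptions made for the example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Value of restricted.virtual-machines.lowlevel that should block
// low-level VM options (key and value names taken from the advisory).
const lowLevelBlock = "block"

// enumeratedDenylist is a CONSTRUCTED, deliberately incomplete denylist
// (CWE-184). It is not LXD's actual list; it omits raw.apparmor and
// raw.qemu.conf, the two keys the advisory says were missing.
var enumeratedDenylist = map[string]bool{
	"raw.qemu":  true, // assumed entry, for illustration only
	"raw.idmap": true, // assumed entry, for illustration only
}

// forbiddenByDenylist is the denylist style of check: a key is blocked
// only if someone remembered to add it to the set.
func forbiddenByDenylist(key string) bool {
	return enumeratedDenylist[key]
}

// forbiddenByPrefix is the hardened form: any key in the raw. namespace is
// low-level by construction, so new or forgotten keys cannot slip through.
func forbiddenByPrefix(key string) bool {
	return strings.HasPrefix(key, "raw.")
}

// Finding records a low-level key found in an instance config and which
// of the two checks would have blocked it.
type Finding struct {
	Key        string
	Denylisted bool // caught by the enumerated denylist
}

// AuditVMConfig applies the prefix rule to an instance config when the
// project restriction is set to "block", and notes for each hit whether the
// enumerated denylist would also have caught it. Results are sorted by key.
func AuditVMConfig(projectConfig, instanceConfig map[string]string) []Finding {
	if projectConfig["restricted.virtual-machines.lowlevel"] != lowLevelBlock {
		return nil // restriction not enabled; nothing to enforce
	}
	var findings []Finding
	for key := range instanceConfig {
		if forbiddenByPrefix(key) {
			findings = append(findings, Finding{Key: key, Denylisted: forbiddenByDenylist(key)})
		}
	}
	sort.Slice(findings, func(i, j int) bool { return findings[i].Key < findings[j].Key })
	return findings
}

// DenylistGaps returns the keys the prefix rule blocks but the enumerated
// denylist misses: exactly the bypasses an incomplete denylist allows.
func DenylistGaps(findings []Finding) []string {
	var gaps []string
	for _, f := range findings {
		if !f.Denylisted {
			gaps = append(gaps, f.Key)
		}
	}
	return gaps
}

func main() {
	// Constructed sample: a restricted project and a VM config carrying the
	// two advisory keys, one denylisted key and one ordinary key. Values are
	// placeholders; they are not real AppArmor or QEMU configuration.
	project := map[string]string{"restricted.virtual-machines.lowlevel": "block"}
	vm := map[string]string{
		"raw.apparmor":  "placeholder",
		"raw.qemu.conf": "placeholder",
		"raw.qemu":      "placeholder",
		"limits.cpu":    "2",
	}
	findings := AuditVMConfig(project, vm)
	for _, f := range findings {
		fmt.Printf("%-14s blocked by denylist: %v\n", f.Key, f.Denylisted)
	}
	fmt.Println("denylist gaps:", DenylistGaps(findings))
}
```

Run as-is, the program lists raw.apparmor, raw.qemu and raw.qemu.conf as low-level keys and reports the first and last as denylist gaps; the same audit can be pointed at a real instance's config map to confirm that a fixed build or a project policy rejects them.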
Details
- CWE(s): CWE-184 (Incomplete List of Disallowed Inputs)
- Affected Products: Canonical LXD versions 4.12 through 6.7
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables Exploitation for Privilege Escalation (T1068): the injected AppArmor rule and QEMU chardev configuration bridge the LXD Unix socket into the guest VM, which gives an Escape to Host (T1611) and escalation to LXD cluster administrator and then host root.