lxc is vulnerable to information disclosure. The vulnerability allows local users to infer whether any file exists, even within a protected directory tree, because Failed to open
often indicates that a file does not exist, whereas does not refer to a network namespace path
often indicates that a file exists which allows the attacker to gain access to sensitive user information.
bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591/comments/45
github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/lxc.spec.in#L274
github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/src/lxc/cmd/lxc_user_nic.c#L1085-L1104
github.com/MaherAzzouzi/CVE-2022-47952
lists.debian.org/debian-lts-announce/2023/08/msg00025.html
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.14/main.yaml
secdb.alpinelinux.org/v3.15/main.yaml
secdb.alpinelinux.org/v3.16/main.yaml
secdb.alpinelinux.org/v3.17/main.yaml