Executive Summary

CVE-2026-34177 is a critical vulnerability in Canonical LXD versions 4.12 through 6.7 caused by an incomplete denylist in the function isVMLowLevelOptionForbidden. This denylist omits two important keys, raw.apparmor and raw.qemu.conf, which should be blocked under the restricted.virtual-machines.lowlevel=block project restriction.

A remote attacker who has can_edit permission on a VM instance within a restricted project can exploit this omission to inject malicious AppArmor rules and QEMU chardev configurations. This injection allows the attacker to bridge the LXD Unix socket into the guest VM, enabling them to escalate privileges to become a full LXD cluster administrator and eventually gain root access on the host machine.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have severe impacts as it allows an attacker with limited permissions (can_edit on a VM) to escalate their privileges to full cluster administrator and then to root on the host system.

• Privilege escalation from restricted VM user to cluster administrator.
• Ability to create privileged containers and mount the host root filesystem.
• Complete escape from VM confinement to host root access.

This can compromise the confidentiality, integrity, and availability of the entire LXD cluster and the host system, potentially affecting multi-tenant, lab, CI/CD, or hosting environments where restricted projects are used.

Useful 0 Not Useful 0

Detection Guidance

Detection of this vulnerability involves checking if your LXD deployment is running a vulnerable version (4.12 through 6.7) and if restricted projects are configured with the setting restricted.virtual-machines.lowlevel=block.

You should verify whether any VM instances in restricted projects allow users with can_edit permission to set or inject raw.apparmor or raw.qemu.conf keys, which are not supposed to be allowed.

Commands to help detect potential exploitation or configuration issues could include:

• Check LXD version: lxd --version or snap info lxd
• List projects and check if restricted projects have the lowlevel block enabled: lxc project show <project-name>
• Inspect VM instance configurations for presence of raw.apparmor or raw.qemu.conf keys: lxc config show <vm-instance-name>
• Monitor for unusual QEMU socket connections or presence of /dev/virtio-ports/lxd.exploit inside VMs, which may indicate exploitation.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation involves upgrading LXD to a patched version where the vulnerability is fixed.

• Upgrade to LXD versions 5.0.7, 5.21.5, 6.8 or later, which include the fix that adds raw.apparmor and raw.qemu.conf to the forbidden list in restricted projects.
• Review and restrict permissions so that untrusted users do not have can_edit rights on VM instances in restricted projects.
• Audit existing VM configurations to ensure raw.apparmor and raw.qemu.conf keys are not present.
• Consider temporarily disabling or tightening the restricted.virtual-machines.lowlevel setting if immediate upgrade is not possible.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability allows a remote attacker with limited permissions to escalate privileges to full cluster administrator and host root access by bypassing VM low-level configuration restrictions.

Such privilege escalation can lead to unauthorized access to sensitive data and system controls, which may violate security requirements mandated by common standards and regulations like GDPR and HIPAA.

Specifically, the ability to escape VM confinement and gain root access on the host can compromise confidentiality, integrity, and availability of data and systems, potentially resulting in non-compliance with data protection and security regulations.

Useful 0 Not Useful 0