Comment 21 for bug 1783591

Stéphane Graber (stgraber) wrote :

CVE paperwork:

Vulnerability type: Incorrect access control
Vendor: LXC
Products:
 - LXC 2.0
 - LXC 3.0
Vendor acknowledged: yes
Attack type: local
Impact: Information disclosure
Affected components: lxc-user-nic
Attack vectors: Manually passing a PID path to a non-namespace path
Description:
  lxc-user-nic (setuid) when asked to delete a network interface will
  unconditionally open a user-provided path.

  This code path may be used by an unprivileged user to check for
  the existence of a path which they wouldn't otherwise be able to reach.

  It may also be used to trigger side effects by causing a (read-only) open
  of special kernel files (ptmx, proc, sys).
References:
 - https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591
 - https://bugzilla.suse.com/show_bug.cgi?id=988348
Credits: Matthias Gerstner from SUSE
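
Added example, not part of the comment above and not LXC's own code or fix: one way a setuid helper can avoid both effects described, by resolving the path with the caller's uid, using O_PATH so the file itself is never opened, and accepting only namespace (nsfs) files. The function name `open_ns_as_caller` is hypothetical; it assumes Linux 3.19 or later, where namespace files live on nsfs.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/vfs.h>
#include <unistd.h>

#ifndef NSFS_MAGIC
#define NSFS_MAGIC 0x6e736673 /* nsfs superblock magic, as in <linux/magic.h> */
#endif

/* Hypothetical helper, not LXC code: return an O_PATH fd for `path` only if
 * the calling user can reach it and it is a namespace file; else -1 + errno. */
int open_ns_as_caller(const char *path)
{
    struct statfs sfs;
    uid_t privileged = geteuid();
    int fd, err;

    /* Resolve the path with the caller's own uid, so success or failure
     * tells them nothing they could not learn with a plain stat(). */
    if (seteuid(getuid()) < 0)
        return -1;
    /* O_PATH only takes a reference to the location; the file itself is not
     * opened, so ptmx/proc/sys open handlers never run. */
    fd = open(path, O_PATH | O_CLOEXEC);
    err = errno;
    if (seteuid(privileged) < 0) { /* regain privileges for the real work */
        if (fd >= 0)
            close(fd);
        return -1;
    }
    if (fd < 0) {
        errno = err;
        return -1;
    }
    /* Accept only files that live on nsfs, e.g. /proc/<pid>/ns/net. */
    if (fstatfs(fd, &sfs) < 0 || (unsigned long)sfs.f_type != NSFS_MAGIC) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/proc/self/ns/net";
    int fd = open_ns_as_caller(path);

    printf("%s: %s\n", path, fd >= 0 ? "namespace file" : "rejected");
    return fd >= 0 ? 0 : 1;
}
```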