CVE-2026-34177
Canonical · LXD
An incomplete denylist in Canonical LXD allows a restricted project user to inject AppArmor and QEMU configurations, facilitating privilege escalation to host root.
Executive summary
A critical vulnerability in Canonical LXD allows an attacker with restricted VM permissions to escape the sandbox and achieve full host root privileges.
Vulnerability
The vulnerability resides in the isVMLowLevelOptionForbidden function, which fails to correctly block the raw.apparmor and raw.qemu.conf instance configuration keys in restricted projects. An authenticated attacker holding the can_edit permission can leverage these keys to bridge the LXD Unix socket into the VM and escalate privileges to host root.
Business impact
With a CVSS score of 9.1, this flaw represents a major security failure in multi-tenant environments. An attacker who gains host root access effectively compromises the entire hypervisor and every container or VM managed by the cluster, which can lead to total data loss and system-wide compromise.
Remediation
Immediate Action: Upgrade Canonical LXD to the latest version so that the restricted project denylist is properly enforced.
Proactive Monitoring: Audit LXD instance and profile configurations across all projects for unauthorized use of the raw.apparmor or raw.qemu.conf keys.
Compensating Controls: Restrict the can_edit permission to highly trusted administrators until the patch can be applied.
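The audit step above can be scripted against the JSON that the lxc client emits. The following is an added example, not code from Canonical or the LXD project; it assumes `lxc list --all-projects --format json` is available and flags any instance whose effective configuration carries either key, distinguishing keys set directly on the instance from keys inherited through a profile (the sample data is constructed).

```python
import json
import subprocess

# Instance configuration keys named in the advisory.
RAW_KEYS = ("raw.apparmor", "raw.qemu.conf")


def find_raw_overrides(instances):
    """Return (project, instance, key, source) for each instance whose
    effective config contains one of RAW_KEYS.

    `config` holds keys set on the instance itself; `expanded_config` is the
    merged view including profiles, so a key present only there was inherited.
    """
    findings = []
    for inst in instances:
        project = inst.get("project", "default")
        direct = inst.get("config", {})
        effective = inst.get("expanded_config", {})
        for key in RAW_KEYS:
            if key in direct:
                findings.append((project, inst["name"], key, "instance"))
            elif key in effective:
                findings.append((project, inst["name"], key, "profile"))
    return findings


def load_from_lxd():
    """Fetch all instances across projects (assumes the lxc CLI and LXD access)."""
    proc = subprocess.run(
        ["lxc", "list", "--all-projects", "--format", "json"],
        check=True, capture_output=True, text=True,
    )
    return json.loads(proc.stdout)


# Constructed sample in the shape of `lxc list --format json` output (not real data).
SAMPLE = [
    {"name": "web01", "project": "default", "type": "virtual-machine",
     "config": {"raw.qemu.conf": "# constructed override"},
     "expanded_config": {"raw.qemu.conf": "# constructed override"}},
    {"name": "build-vm", "project": "tenant-a", "type": "virtual-machine",
     "config": {"limits.cpu": "2"},
     "expanded_config": {"limits.cpu": "2", "raw.apparmor": "# via profile"}},
    {"name": "clean", "project": "tenant-a", "type": "container",
     "config": {}, "expanded_config": {"limits.memory": "1GiB"}},
]

if __name__ == "__main__":
    for project, name, key, source in find_raw_overrides(SAMPLE):
        print(f"{project}/{name}: {key} set via {source}")
```

Replace `SAMPLE` with `load_from_lxd()` to run against a live host; any hit in a restricted project warrants review of who holds can_edit there.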
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
This vulnerability poses a severe risk to containerized and virtualized environments. Administrators should audit their current LXD configurations for signs of tampering and apply the vendor-provided patch immediately to prevent unauthorized host-level access.