Description
LXC allows attackers to overwrite the host LXC binary (and consequently
obtain host root access) by leveraging the ability to execute a command as
root within one of these types of containers: a new container with an
attacker-controlled image, or an existing container, to which the attacker
previously had write access. This occurs because of file-descriptor
mishandling, related to /proc/self/exe. This attack is only possible with
privileged containers since it requires root privilege on the host to
overwrite the binary.