What Happened

A critical security vulnerability, identified as CVE-2026-34177, affects Canonical LXD versions 4.12 through 6.7. The flaw lies in the permission-checking logic: the isVMLowLevelOptionForbidden function in lxd/project/limits/permissions.go relies on an incomplete denylist of low-level configuration keys. It was discovered when security researchers found that the restrictions on virtual machine (VM) project configuration were not fully enforced.

This issue specifically concerns the raw.apparmor and raw.qemu.conf configuration keys. Because they are not blocked under the restricted.virtual-machines.lowlevel=block project restriction, users who should not be able to set them can still modify them. As a result, a user with can_edit permission on a VM instance in a restricted project can exploit this flaw remotely to inject arbitrary AppArmor rules and QEMU character device configuration.

Technical Details

CVE-2026-34177 carries a CVSS score of 9.1 and is classified as critical. The vulnerability stems from LXD's permission logic failing to deny certain configuration keys: isVMLowLevelOptionForbidden neither recognises nor blocks the raw.apparmor and raw.qemu.conf settings. A remote attacker with can_edit permission on a VM instance within a restricted project can use this omission to compromise the system.

When exploited, the vulnerability allows an attacker to inject an AppArmor rule and configure a QEMU character device that effectively bridges communication between the LXD Unix socket and the guest VM. This bridge lets the attacker escalate from VM-level administrator to cluster-level administrator, and eventually to root on the host system. Indicators of Compromise (IOCs) may include unusual QEMU configuration entries and altered AppArmor profiles on affected systems.

Impact

Exploitation of CVE-2026-34177 can severely impact organizations that use Canonical LXD for virtual machine management. Any user who holds can_edit permission on a VM instance in a restricted project is a potential source of this attack. If successfully exploited, the breach could lead to full administrative control over the LXD cluster and root access to the underlying host system, posing significant risks to data integrity, confidentiality, and availability.

The scale of this vulnerability is concerning due to its potential to compromise entire infrastructures managed by LXD, particularly in environments where VM instances are delegated to multiple users who may have varying levels of trust and permission.

What To Do

  • Update your LXD installations to the latest version that contains a patch for CVE-2026-34177 as provided by Canonical.
  • Audit and limit the assignment of can_edit permissions on VM instances, especially within restricted projects, to minimize exposure.
  • Regularly review and revise the AppArmor profiles and QEMU configuration settings to ensure no unauthorized changes have been made.
  • Implement strict monitoring of network traffic between VMs and the host to detect any anomalous data flows that may indicate exploitation.
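The following Go example, added here and not taken from LXD's own source, models the incomplete denylist described under Technical Details beside a version that includes raw.apparmor and raw.qemu.conf, and adds a defender-side audit of the kind the review bullet above calls for. The denylist contents, the function signature, the AuditRestrictedVMConfig helper and the "block when unset" default are assumptions for this example.

```go
package main

import (
	"fmt"
	"sort"
)

// Both denylists are constructed for this example; neither is copied from
// LXD's lxd/project/limits/permissions.go. The incomplete one models the
// pre-fix state the advisory describes: raw.apparmor and raw.qemu.conf are missing.
var vmLowLevelDenylistIncomplete = map[string]bool{"raw.qemu": true, "raw.idmap": true}

// vmLowLevelDenylistFixed adds the two keys named in CVE-2026-34177.
var vmLowLevelDenylistFixed = map[string]bool{
	"raw.qemu": true, "raw.idmap": true, "raw.apparmor": true, "raw.qemu.conf": true,
}

// isVMLowLevelOptionForbidden reports whether key must be rejected under
// restricted.virtual-machines.lowlevel=block, given a denylist.
func isVMLowLevelOptionForbidden(denylist map[string]bool, key string) bool {
	return denylist[key]
}

// AuditRestrictedVMConfig is a defender-side check: it returns, sorted, the
// low-level keys present in a VM's config that should have been blocked by the
// project's restriction. An unset restricted.virtual-machines.lowlevel on a
// restricted project is treated as "block" (assumed default for this example).
func AuditRestrictedVMConfig(projectConfig, instanceConfig map[string]string) []string {
	if projectConfig["restricted"] != "true" {
		return nil
	}
	if v := projectConfig["restricted.virtual-machines.lowlevel"]; v != "" && v != "block" {
		return nil
	}
	var findings []string
	for key := range instanceConfig {
		if isVMLowLevelOptionForbidden(vmLowLevelDenylistFixed, key) {
			findings = append(findings, key)
		}
	}
	sort.Strings(findings)
	return findings
}

func main() {
	// Constructed sample: a restricted project and a VM carrying both keys.
	project := map[string]string{"restricted": "true"}
	vm := map[string]string{"limits.cpu": "2", "raw.apparmor": "sample", "raw.qemu.conf": "sample"}
	fmt.Println(AuditRestrictedVMConfig(project, vm)) // [raw.apparmor raw.qemu.conf]
}
```

Run over exported instance and project config (for example from `lxc config show` output parsed into maps), a non-empty result on a restricted project is a finding worth investigating.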

Patching this vulnerability should be prioritized to protect against potential unauthorized access and privilege escalation. Organizations should also review security policies and permissions deployment to enhance their overall security posture against similar flaws.