Old Wine in a New Bottle: A Decade-Old lxd-Group Root, Re-Armed
Summary
The STAR Labs article documents a decade-old LXD local privilege escalation chain on modern Ubuntu Server releases. It explains how being in the lxd group yields root-equivalent access due to the lxd-installer and socket, even when LXD isn't installed. The authors provide PoC, discuss mitigations, vendor response, and hardening recommendations for SMBs and admins.