CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-3493

Known Exploited (CISA KEV)HIGH
8.8
CVSS Severity Score
EPSS Score66.1960%
EPSS Percentile89.88th
Published2021年4月17日
Last Modified2025年10月28日

Vulnerability Description

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.

Affected Platforms (CPE)

💻
Canonical

Ubuntu Linux

< 18.04
💻
Canonical

Ubuntu Linux

>= 18.04.1 and < 20.04
💻
Canonical

Ubuntu Linux

< 20.10

References & Advisories

🔗 http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html
🔗 http://packetstormsecurity.com/files/162866/Ubuntu-OverlayFS-Local-Privilege-Escalation.html
🔗 http://packetstormsecurity.com/files/165151/Ubuntu-Overlayfs-Local-Privilege-Escalation.html
🔗 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52
🔗 https://ubuntu.com/security/notices/USN-4917-1
🔗 https://www.openwall.com/lists/oss-security/2021/04/16/1
🔗 http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html
🔗 http://packetstormsecurity.com/files/162866/Ubuntu-OverlayFS-Local-Privilege-Escalation.html

関連する脆弱性情報

CVE-2018-66349.8

A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 LTS Desktop' Build 142-1 allows unauthorized users to maint...

CVE-2021-344239.8

A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before ve...

CVE-2021-34928.8

Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during cop...

CVE-2019-128817.8

i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c in the Linux kernel 4.15.0 on Ubuntu 18.04.2 allows local us...