8.8
CVE-2021-3493
- EPSS 75.34%
- Veröffentlicht 17.04.2021 05:15:14
- Zuletzt bearbeitet 19.02.2025 19:47:40
- Quelle security@ubuntu.com
- Teams Watchlist Login
- Unerledigt Login
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Canonical ≫ Ubuntu Linux SwEditionlts Version < 18.04
Canonical ≫ Ubuntu Linux SwEditionlts Version >= 18.04.1 < 20.04
Canonical ≫ Ubuntu Linux SwEdition- Version < 20.10
20.10.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Linux Kernel Privilege Escalation Vulnerability
SchwachstelleThe overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to privilege escalation.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 75.34% | 0.988 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
| security@ubuntu.com | 8.8 | 2 | 6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
CWE-270 Privilege Context Switching Error
The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.