8.8
CVE-2021-3493
- EPSS 75.34%
- Published 17.04.2021 05:15:14
- Last modified 19.02.2025 19:47:40
- Source security@ubuntu.com
- Teams watchlist Login
- Open Login
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.
Data is provided by the National Vulnerability Database (NVD)
Canonical ≫ Ubuntu Linux SwEditionlts Version < 18.04
Canonical ≫ Ubuntu Linux SwEditionlts Version >= 18.04.1 < 20.04
Canonical ≫ Ubuntu Linux SwEdition- Version < 20.10
20.10.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Linux Kernel Privilege Escalation Vulnerability
VulnerabilityThe overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to privilege escalation.
DescriptionApply updates per vendor instructions.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 75.34% | 0.988 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
| security@ubuntu.com | 8.8 | 2 | 6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
CWE-270 Privilege Context Switching Error
The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.