CVE-2021-3493
CVE-2021-3493
In short
A flaw in overlayfs (a Linux filesystem layer) allows unprivileged users to gain elevated privileges by manipulating file capabilities. This matters because it breaks the security boundary that normally prevents regular users from becoming administrators.
Technical detail
The overlayfs implementation fails to properly validate file capability settings against user namespace restrictions. Combined with Ubuntu's patch enabling unprivileged overlay mounts, an attacker in an unprivileged user namespace can set capabilities on files to escalate privileges without requiring root access initially.
Summary generated and translated by AI from the official description.
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected products
Ubuntu · linux kernelpublic PoCs found — 19
githubgithub.com/briskets/CVE-2021-3493★ 442githubgithub.com/inspiringz/CVE-2021-3493★ 42githubgithub.com/oneoy/CVE-2021-3493★ 3githubgithub.com/puckiestyle/CVE-2021-3493★ 1githubgithub.com/cerodah/overlayFS-CVE-2021-3493★ 1githubgithub.com/fei9747/CVE-2021-3493★ 1githubgithub.com/cyberx-1/OverlayFS-CVE-2021-3493★ 0githubgithub.com/Abdennour-py/CVE-2021-3493★ 0githubgithub.com/derek-turing/CVE-2021-3493★ 0githubgithub.com/iqbalhussainas/OverlayFS-LPE-Exploit★ 0githubgithub.com/fathallah17/OverlayFS-CVE-2021-3493★ 0githubgithub.com/Sornphut/OverlayFS---CVE-2021-3493★ 0githubgithub.com/pmihsan/OverlayFS-CVE-2021-3493★ 0githubgithub.com/ptkhai15/OverlayFS---CVE-2021-3493★ 0githubgithub.com/iamz24/CVE-2021-3493_CVE-2022-3357★ 0githubgithub.com/George-Yanni/DeepRoot★ 0cve_referencepacketstormsecurity.com/files/165151/Ubuntu-Overlayfs-Local-Privilege-Escalation.htmlunverifiedcve_referencepacketstormsecurity.com/files/162866/Ubuntu-OverlayFS-Local-Privilege-Escalation.htmlunverifiedcve_referencepacketstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.htmlunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.htmlhttp://packetstormsecurity.com/files/162866/Ubuntu-OverlayFS-Local-Privilege-Escalation.htmlhttp://packetstormsecurity.com/files/165151/Ubuntu-Overlayfs-Local-Privilege-Escalation.htmlhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52https://ubuntu.com/security/notices/USN-4917-1https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-3493https://www.openwall.com/lists/oss-security/2021/04/16/1