CVE-2021-3847

EPSS 0.5%CWE-281

An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system.

Produtos afetados

n/a · kernel

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://bugzilla.redhat.com/show_bug.cgi?id=2009704 https://www.openwall.com/lists/oss-security/2021/10/14/3