CVE-2021-3493

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/162866/Ubuntu-OverlayFS-Local-Privilege-Escalation.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165151/Ubuntu-Overlayfs-Local-Privilege-Escalation.html	Exploit Third Party Advisory VDB Entry
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52	Mailing List Patch Third Party Advisory
https://ubuntu.com/security/notices/USN-4917-1	Vendor Advisory
https://www.openwall.com/lists/oss-security/2021/04/16/1	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:::::lts:::*
	cpe:2.3:o:canonical:ubuntu_linux:::::lts:::*

Configuration 2 (hide)

cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:-:*:*:*

History

07 Jul 2023, 19:10

Type	Values Removed	Values Added
CWE	~~CWE-269~~	CWE-863

Information

Published : 2021-04-17 05:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-3493

Mitre link : CVE-2021-3493

CVE.ORG link : CVE-2021-3493

JSON object : View

Products Affected

canonical

ubuntu_linux

CWE

CWE-863

Incorrect Authorization

CWE-270

Privilege Context Switching Error

{"id": "CVE-2021-3493", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "security@ubuntu.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.0}]}, "published": "2021-04-17T05:15:14.630", "references": [{"url": "http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "security@ubuntu.com"}, {"url": "http://packetstormsecurity.com/files/162866/Ubuntu-OverlayFS-Local-Privilege-Escalation.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@ubuntu.com"}, {"url": "http://packetstormsecurity.com/files/165151/Ubuntu-Overlayfs-Local-Privilege-Escalation.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "security@ubuntu.com"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "security@ubuntu.com"}, {"url": "https://ubuntu.com/security/notices/USN-4917-1", "tags": ["Vendor Advisory"], "source": "security@ubuntu.com"}, {"url": "https://www.openwall.com/lists/oss-security/2021/04/16/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@ubuntu.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}, {"type": "Secondary", "source": "security@ubuntu.com", "description": [{"lang": "en", "value": "CWE-270"}]}], "descriptions": [{"lang": "en", "value": "The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges."}, {"lang": "es", "value": "La implementaci\u00f3n de overlayfs en el kernel de Linux no comprob\u00f3 apropiadamente con respecto a los espacios de nombre de los usuarios, la configuraci\u00f3n de las capacidades de los archivos en un sistema de archivos subyacente. Debido a la combinaci\u00f3n de los espacios de nombre de usuarios no privilegiados junto con un parche incluido en el kernel de Ubuntu para permitir montajes de superposici\u00f3n no privilegiados, un atacante podr\u00eda usar esto para alcanzar privilegios elevados"}], "lastModified": "2023-07-07T19:10:36.743", "cisaActionDue": "2022-11-10", "cisaExploitAdd": "2022-10-20", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "90A80DE7-3EFA-464C-9D31-C46521FFBFBF", "versionEndExcluding": "18.04"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "2027773B-26DA-408E-B71D-40D05690D9EA", "versionEndExcluding": "20.04", "versionStartIncluding": "18.04.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "ACAB2EE0-EC21-4669-840F-94F6C3028C64", "versionEndExcluding": "20.10"}], "operator": "OR"}]}], "sourceIdentifier": "security@ubuntu.com", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Linux Kernel Privilege Escalation Vulnerability"}