oss-sec mailing list archives
Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up
From: halfdog <me () halfdog net>
Date: Mon, 18 Oct 2021 17:52:51 +0000
Alon Zahavi writes:
After disclosing the issue with the linux-distros mailing list, I am reporting the security issue publicly to here. There is no patch available and may not be available for a long time because the kernel can't enforce the mitigation proposed, as that would be a layering violation and could also possibly cause a regression. This vulnerability was attached with CVE-2021-3847. Here is the report that was initially sent: ...
Just funny, just hours before this mail I got 3 mails on different overlayfs copy-up vuln, e.g. """ The Precise Pangolin has reached end of life, so this bug will not be fixed for that release ** Changed in: linux (Ubuntu Precise) Status: New => Won't Fix -- You received this bug notification because you are subscribed to the bug report. https://bugs.launchpad.net/bugs/1534961 """ ... [Bug 1534961] Re: CVE-2016-1575 [Bug 1547400] Re: CVE-2016-2853 [Bug 1535150] Re: CVE-2016-1576 So it is 5 years and not so much changed :-) Overlayfs and alike where lower privileged user can simultaneously access lower/upper AND the mounted file system is extremely dangerous and prone to so many vulns, that nobody should use/allow that. hd
Current thread:
- CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up Alon Zahavi (Oct 14)
- Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up halfdog (Oct 18)
- Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up Miklos Szeredi (Oct 19)
- Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up Thadeu Lima de Souza Cascardo (Oct 19)
- Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up Miklos Szeredi (Oct 20)
- Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up Thadeu Lima de Souza Cascardo (Oct 19)