Description
The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.
Exploits (1)
References (8)
Core 8
Core References
Mailing List, Patch, Third Party Advisory x_refsource_misc
https://launchpadlibrarian.net/235300093/0005-overlayfs-Be-more-careful-about-copying-up-sxid-file.patch
Mailing List, Patch, Third Party Advisory x_refsource_misc
https://launchpadlibrarian.net/235300225/0006-overlayfs-Propogate-nosuid-from-lower-and-upper-moun.patch
Mailing List, Patch, Vendor Advisory x_refsource_misc
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9f57ebcba563e0cd532926cab83c92bb4d79360
Third Party Advisory x_refsource_confirm
https://bugs.launchpad.net/bugs/1535150
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/02/24/8
Third Party Advisory x_refsource_confirm
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1576.html
Exploit, Third Party Advisory x_refsource_misc
http://www.halfdog.net/Security/2016/OverlayfsOverFusePrivilegeEscalation/
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/10/18/1
Scores
CVSS v3
7.8
EPSS
0.0035
EPSS Percentile
57.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (8)
canonical/ubuntu_core
15.04
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
15.10
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
16.10
canonical/ubuntu_touch
15.04
linux/linux_kernel
< 4.5.2
Published
May 02, 2016
Tracked Since
Feb 18, 2026