CVE-2016-2853

HIGH

Linux Kernel 3.0.0-3.19.8 - Privilege Escalation via aufs and FUSE Mount Namespace Bypass

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-2853.

AI-analyzed exploit summary: The exploit demonstrates privilege escalation in AUFS (Another Union File System) within user namespaces by leveraging FUSE to expose crafted SUID binaries or manipulating xattr inheritance to gain elevated privileges. It includes functional code (SuidExec, FuseMinimal, UserNamespaceExec) and detailed exploitation steps.

Description

The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.

Exploits (1)

exploitdb WORKING POC
local · linux
https://www.exploit-db.com/exploits/41761

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: AUFS (with allow_userns option) on Linux kernels
No auth needed
Prerequisites: Unprivileged user namespaces enabled · AUFS module loaded with allow_userns option · FUSE support
devstral-2 · analyzed Feb 19, 2026

References (5)

Core References
Broken Link vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/96839
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/02/24/9
Third Party Advisory mailing-list x_refsource_mlist
https://sourceforge.net/p/aufs/mailman/message/34864744/
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/10/18/1

Scores

CVSS v3 7.8
EPSS 0.0091
EPSS Percentile 55.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-269
Status published
Products (1)
linux/linux_kernel 3.0.0 - 3.19.8
Published May 02, 2016
Tracked Since Feb 18, 2026