CVE-2016-2854

HIGH

Linux Kernel 3.0.0-3.19.8 - Privilege Escalation via aufs POSIX ACL Handling

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-2854. PoCs published by halfdog.

AI-analyzed exploit summary This exploit demonstrates privilege escalation via AUFS in user namespaces, leveraging FUSE to expose crafted SUID binaries or manipulating xattrs to gain elevated privileges. It includes multiple components like SuidExec, FuseMinimal, and UserNamespaceExec to achieve local privilege escalation.

Description

The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.

Exploits (1)

exploitdb WORKING POC

by halfdog · textlocallinux

https://www.exploit-db.com/exploits/41761

View Code ZIP pw:eip

This exploit demonstrates privilege escalation via AUFS in user namespaces, leveraging FUSE to expose crafted SUID binaries or manipulating xattrs to gain elevated privileges. It includes multiple components like SuidExec, FuseMinimal, and UserNamespaceExec to achieve local privilege escalation.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: AUFS (Advanced Multi-Layered Unification Filesystem) with allow_userns option enabled

No auth needed

Prerequisites: Unprivileged user namespaces enabled · AUFS module loaded with allow_userns option · FUSE filesystem support

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1611 - Escape to Host

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory x_refsource_misc

http://www.halfdog.net/Security/2016/AufsPrivilegeEscalationInUserNamespaces/

Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2016/02/24/9

Third Party Advisory mailing-list x_refsource_mlist

https://sourceforge.net/p/aufs/mailman/message/34864744/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/96838

Scores

CVSS v3 7.8

EPSS 0.0095

EPSS Percentile 56.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-269

Status published

Products (1)

linux/linux_kernel 3.0.0 - 3.19.8

Published May 02, 2016

Tracked Since Feb 18, 2026