Vulnerability Details : CVE-2016-2853
The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.
Threat overview for CVE-2016-2853
Top countries where our scanners detected CVE-2016-2853
Top open port discovered on systems with this issue
49152
IPs affected by CVE-2016-2853 34,449
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2016-2853!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2016-2853
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2016-2853
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.4
|
MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |
3.4
|
6.4
|
NIST |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2016-2853
-
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-2853
-
http://www.securityfocus.com/bid/96839
Linux Kernel CVE-2016-2853 Local Privilege Escalation VulnerabilityBroken Link
-
https://sourceforge.net/p/aufs/mailman/message/34864744/
aufs / aufs3 and aufs4 GIT releaseThird Party Advisory
-
http://www.halfdog.net/Security/2016/AufsPrivilegeEscalationInUserNamespaces/
Aufs Union Filesystem Privilege Escalation In User NamespacesExploit;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2021/10/18/1
oss-security - Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_upMailing List;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2016/02/24/9
oss-security - Aufs Union Filesystem Privilege Escalation In User NamespacesExploit;Mailing List;Third Party Advisory
Products affected by CVE-2016-2853
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*